Stolen iPhone? Be careful of what happens next.
Hat tip to Dr. Steven Blackwell for finding and sharing this link. The author was the victim of an iPhone theft in Italy and almost gave the perpetrators the keys to his iPhone and to his identity through a very clever phishing scheme. If you’ve ever lost an iPhone, you know you’ll get excited when Find My iPhone locates it:
The moment of excitement
Let me take you inside the mind of a person who’s lost their phone for a while. You’re of course bummed that it got stolen in the first place. Everybody blames themselves at least a bit. Then, you set all the notifications on for notifying if it ever finds its way back online. Finally, you sort of forget it — and when messages finally arrive that it’s found, you rush at full speed to learn about your dear phone’s adventure.
Looking at the page above, there were two things that alarmed me. First, the address seemed a little off. Not really something Apple would use, is it? The real thing, however, was that the connection to the server is not encrypted — you would see it on the address bar, like on a genuine Apple page below….
The thieves spoofed an email and a website, and tracked down who he was by accessing (most likely) health information in the easily accessible Medical ID feature.
As far as I can guess (and if the phone doesn’t reveal the iCloud email when you turn it on), they used the “Medical ID” feature on the phone to see who it belongs to and thanks to my strange name found me on wunderkraut.com along with my email address and phone number (for sending the messages to) — in fact, I did check the site analytics and found that my profile had one hit from Google the next day the phone was stolen.
Whatever the actual method, a real person really made an effort to screw me over.
The real lesson: be careful what you click on, and then what information you enter. It may save you a lot of time and expense.