Profile picture
Ben Darlow @kapowaz
, 15 tweets, 5 min read Read on Twitter
My wife’s iPhone X was snatched out of her hand in Clerkenwell just over a week ago. It obviously immediately went offline and wasn’t trackable, so we put it in Lost Mode with my mobile number.
It was insured, so we began the process of sorting it out, buying a replacement phone whilst we waited for the insurers to deal with it. A police report was filed, and replacement SIM issued.
Tonight, I received a text message telling me that the stolen iPhone had been found, listing the IMEI number and to log in to check its location.
At first I tried to log in, but for some reason it wasn’t auto-populating the saved password. I manually tried entering my wife’s password but that didn’t work either.
Then I remembered that early last week she’d mistaken received an SMS from Quiqup meant for their rider fleet, which I was curious about, so I’d logged into Find My iPhone just in case. Seeing this login attempt, she changed her password quickly.
I didn’t know the new password, so I wasn’t able to log in, and so I waited for her to come home. In the meantime I received the second message you can see in the screenshot above, so I opened the link again. This time I got an SSL error with the site. Weird.
Only then did I notice the domain name not being apple.com. I tried hitting the site on my laptop and it redirected me to iCloud.com. Weird. I tried visiting the exact URL and it took me to this sophisticated — but plainly fraudulent — phishing site.
Not longer later my wife came home, and found she had a real message on her Apple Watch about her phone being online (it was still paired to the old phone), so we logged into iCloud.com (with her new password).
Since the phone had to have been online in order for them to get my number from the Lost Mode screen, it was able to briefly ping its location back to Apple, revealing it was now in a town called Baufarik, in Algeria.
As far as I can tell, this building at the T-junction in the middle of this photo is where it was last. Maybe one day I’ll visit it.
No chance of getting it back now, though, so only one thing left to do.
I like to think of myself as relatively clued-up on the various social engineering scams out there, but this one completely blind-sided me, because obviously being shaken up by the theft made me vulnerable.
The stolen iPhone had 2FA enabled, but even so, if it hadn’t been for @quiqup’s gaffe last week, I’d have given away the *real* password to my wife’s iCloud account. Who knows what headaches that could have caused.
So, in summary: if you have your iPhone stolen, be extremely wary of messages about your phone having been found. If in any doubt, visit iCloud.com directly in your browser!
Update:
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Ben Darlow
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!