My wife’s iPhone X was snatched out of her hand in Clerkenwell just over a week ago. It obviously immediately went offline and wasn’t trackable, so we put it in Lost Mode with my mobile number.
It was insured, so we began the process of sorting it out, buying a replacement phone whilst we waited for the insurers to deal with it. A police report was filed, and replacement SIM issued.
Tonight, I received a text message telling me that the stolen iPhone had been found, listing the IMEI number and to log in to check its location. 
At first I tried to log in, but for some reason it wasn’t auto-populating the saved password. I manually tried entering my wife’s password but that didn’t work either.
Then I remembered that early last week she’d mistaken received an SMS from Quiqup meant for their rider fleet, which I was curious about, so I’d logged into Find My iPhone just in case. Seeing this login attempt, she changed her password quickly.
I didn’t know the new password, so I wasn’t able to log in, and so I waited for her to come home. In the meantime I received the second message you can see in the screenshot above, so I opened the link again. This time I got an SSL error with the site. Weird.
Only then did I notice the domain name not being apple.com. I tried hitting the site on my laptop and it redirected me to iCloud.com. Weird. I tried visiting the exact URL and it took me to this sophisticated — but plainly fraudulent — phishing site.
Not longer later my wife came home, and found she had a real message on her Apple Watch about her phone being online (it was still paired to the old phone), so we logged into iCloud.com (with her new password).
Since the phone had to have been online in order for them to get my number from the Lost Mode screen, it was able to briefly ping its location back to Apple, revealing it was now in a town called Baufarik, in Algeria.
As far as I can tell, this building at the T-junction in the middle of this photo is where it was last. Maybe one day I’ll visit it.
No chance of getting it back now, though, so only one thing left to do.
I like to think of myself as relatively clued-up on the various social engineering scams out there, but this one completely blind-sided me, because obviously being shaken up by the theft made me vulnerable.
The stolen iPhone had 2FA enabled, but even so, if it hadn’t been for @quiqup’s gaffe last week, I’d have given away the *real* password to my wife’s iCloud account. Who knows what headaches that could have caused.
So, in summary: if you have your iPhone stolen, be extremely wary of messages about your phone having been found. If in any doubt, visit iCloud.com directly in your browser!
Update:
