A clever scam against iPhone users has been exposed

It is never great when you lose your phone, and it’s even worse when it’s stolen. There have been a lot of life hacks and tips to locate your phone after it’s gone “walkabout” but they could be revealing more than just your phone’s whereabouts.

After having his phones stolen while on holiday, web developer Joonas Kiminki decided to try the “Find My iPhone” app to see if he could do the detective work himself. It didn’t give him any information, and he went on with his holiday.

Joonas eventually bought a new phone and didn’t give it any more thought until he got a message days later telling him that his old one had been discovered. As he wrote in a blog for the site Hackernoon “I of course rushed to the address on the link and then started typing my credentials, but then suddenly stopped. Something was just not right”.

The link to get the details on his lost phone took him to a page called show-iphone-location.com and asked him to log in with his Apple ID and password. “First, the address seemed a little off. Not really something Apple would use, is it?” he wrote in his blog.

What stood out the most for him? He continued “The real thing, however, was that connection to the server is not encrypted — you would see it on the address bar, like on a genuine Apple page.”

After making this discovery Joonas did some IT digging and found that the emails didn’t come from Apple, it wasn’t an Apple Site, but it was trying to collect his information. The reason behind it is that the thieves need your account to unlock the phone that has been stolen. Joonas says in his blog “you can’t activate an iPhone as long as it’s connected to someone’s iCloud account”. He continued “However when you steal a phone; you can perfect the crime by stealing the poor b*****d’s identity as well.”

It was almost the perfect crime as the site looked legit, it had all the right branding, but it was missing the typical Apple touches which raised his concerns. Joonas said, “This is what Google.com and Apple should’ve told me 12 days ago when I searched for what to do”. However, he does take solace in knowing “Hopefully this post helps prevent at least one online scam and thus doesn’t feed the growing monster of internet fraud.”

Have you ever found one of these “not quite right” sites?  Have you been scammed by one?