I got my iPhone stolen in mid-January in Munich. When I found out, it was already offline so I only activated Lost mode – just in case somebody “found” it – and assumed that thanks to the Find my iPhone feature turned on, one won’t make much of a profit out of it.
I’ve bought a new iPhone and let the old one go. A month after, I got an email:
The email looks perfectly genuine. All the information are accurate so yeah … let’s see its location, right! After I tapped See Location button I was taken to a page that looked exactly like the iCloud’s web interface. What I didn’t notice was the address: http://donotreply-icloud.com/?5CLoinle in the Safari’s address bar. I entered my Apple Id and bang! In just two seconds, both my iPhones and an iPad showed the Apple logo with a progress bar underneath it. And then it hit me. They were all – including the stolen iPhone 6 – remotely erased and Find my iPhone disabled. In the next minute, I changed my Apple Id password to avoid any further damages.
Clearly, there exists quite a sophisticated service that generates those phishing emails for bypassing the Activation Lock of stolen iPhones. This one sits on a US server at ip-107-180-41-157.ip.secureserver.net with domain register at GoDaddy.
Even IT professionals are not invincible. When certain factors meet – in my case: no glasses on, in a hurry, personalized email – everyone could become a victim.
“Constant vigilance” Mad-Eye Moody
“Trust no one” Deep Throat, X-Files
If you happen to get your hands on my stolen iPhone 6, 64Gb Silver IMEI: 359311069290086 with a bump on the bottom, please shoot me an email to my Apple Id’s email address or take it to the nearest Polizei station. Thank you.