Jirka's Public Notepad

Data Engineering | Python | SQL Server | Teradata

February 10, 2016 By Jiří Hubáček

How they phished my Apple ID – 359311069290086 stolen

I got my iPhone stolen in mid-January in Munich. When I found out, it was already offline, so I only activated Lost Mode – just in case somebody “found” it – and assumed that, with the Find My iPhone feature turned on, nobody would make much of a profit out of it.

I bought a new iPhone and let the old one go. A month later, I got an email:

[Image: screenshot of the email]
Thanks Google Inbox for not catching it :-/

The email looked perfectly genuine. All the information was accurate, so yeah … let’s see its location, right! After I tapped the See Location button, I was taken to a page that looked exactly like the iCloud web interface. What I didn’t notice was the address: http://donotreply-icloud.com/?5CLoinle in Safari’s address bar. I entered my Apple ID and bang! In just two seconds, both my iPhones and an iPad showed the Apple logo with a progress bar underneath it. And then it hit me. They were all – including the stolen iPhone 6 – remotely erased and Find My iPhone disabled. In the next minute, I changed my Apple ID password to avoid any further damage.

[Image: Activation Lock]
It’s gone …

Clearly, there exists quite a sophisticated service that generates those phishing emails for bypassing the Activation Lock of stolen iPhones. This one sits on a US server at ip-107-180-41-157.ip.secureserver.net, with the domain registered at GoDaddy.
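The address check that was missed above can be automated in a mail filter or link scanner. The following is an added example, not code from the original post; the trusted-domain list, the brand tokens and every sample URL except the one quoted in the post are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains accepted as genuine Apple ID sign-in hosts.
TRUSTED_DOMAINS = {"apple.com", "icloud.com"}
# Assumption: brand words that should only ever appear in trusted hosts.
BRAND_TOKENS = ("icloud", "apple")


def is_trusted_host(host):
    """True only for a trusted domain or a subdomain of it.

    The match is made on a dot boundary, so "donotreply-icloud.com" and
    "icloud.com.example.net" do not pass as "icloud.com".
    """
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(url):
    """Return a list of findings for a link; an empty list means no finding."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ["no host in URL"]
    findings = []
    if parts.scheme != "https":
        findings.append("not HTTPS")
    if parts.username is not None:
        # Text before "@" is userinfo, not the host the browser connects to.
        findings.append("userinfo before host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label")
    if not is_trusted_host(host):
        if any(token in host for token in BRAND_TOKENS):
            findings.append("brand name in untrusted host: " + host)
        else:
            findings.append("untrusted host: " + host)
    return findings


if __name__ == "__main__":
    samples = [
        "http://donotreply-icloud.com/?5CLoinle",   # URL quoted in the post
        "https://www.icloud.com/find",              # constructed: genuine host
        "https://icloud.com.example.net/login",     # constructed: brand as subdomain
        "https://www.icloud.com@example.net/",      # constructed: userinfo trick
    ]
    for url in samples:
        print(url, "->", check_link(url) or "ok")
```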


Even IT professionals are not invincible. When certain factors meet – in my case: no glasses on, in a hurry, personalized email – anyone can become a victim.

“Constant vigilance” Mad-Eye Moody

“Trust no one” Deep Throat, X-Files


If you happen to get your hands on my stolen iPhone 6, 64 GB, Silver, IMEI: 359311069290086, with a bump on the bottom, please shoot me an email at my Apple ID’s email address or take it to the nearest Polizei station. Thank you.

 
