We always think that we are safe with our data on the internet or we often don’t even think about it until one day what nobody expects happens: we are assaulted. Unfortunately this is a reality today in the country in which we live and the bandits are increasingly equipped and much more informed than we are.
I’ve been through this situation and a very close friend too. I could see that 99% of people are completely digitally exposed and our data is not protected as we imagine, or as me imagined. I had hacked e-mail accounts, Facebook, iCloud and even suffered threats.
The purpose of this article is to show how the bad guys act as soon as you are mugged and give some precious tips so you can protect yourself if you have your stolen iPhone.
social engineering
Then you start the day like any other when, at a certain moment, you are mugged and your iPhone is stolen. It doesn’t matter where, how or how. What matters is that they take your cell phone. At the moment you imagine that you are safe, because you put a strong password on the phone, you have the fingerprint or Face ID registration and “will not be able to unlock or format”Because your account is linked to iCloud. So, the bad guys “will have a paper weight and will not be able to sell“. However, the reality is not always this, and in most cases, you will find that your data has virtually no protection.
The first thing the bad guys do is remove your SIM card and put in any others they have. At this point they already know your phone number, as you can hardly cancel the line so quickly.
You may be wondering what’s wrong with the bad guy having access to your cell phone number. The problem is what can he do with that information and how vulnerable we are.
After having access to your cell phone number by placing it on another phone, one of the first things they do is enter Facebook page. A lot of people do not know, but it is possible to recover your Facebook password using your phone number. When entering the page, just click on the “Forgot your account?”. It can be accessed with either the email or the number.
So just put the number and ask to receive confirmation verification by SMS, which goes straight to whoever has the chip, that is, the bad guy.
When they have access to your Facebook account, the crooks quickly know what email is used in that account. And in most cases it is the same used to access the iCloud account.
The same procedure can also be used in other email services, such as Gmail, Hotmail, Yahoo and others. This way, the bad guys now have access to a lot of personal information about you through several of their accounts.
There are high chances that one of these accounts is the same registered on iCloud. Then just go to the Apple cloud page, inform that you “lost your password” and they resend it to your cell phone number (which I remember again, is in the hands of the bad guys). AND voila, they are able to log into your iCloud account and unlock your phone without any difficulty. They restore the device and sell it.
Fortunately, you can protect yourself in advance so that your data is not vulnerable by following the tips below.
Tip 1 Put a password on your CHIP
This tip is so good that it is worth sharing the link of this article with your friends and family. ?
Many people do not know, but it is possible to put a chip password operator. And every time you change that device chip or reconnect it, you will need to confirm this PIN. To create a new password, go to Settings ›Cellular› SIM PIN. Each operator has a standard SIM password that you will need to enter to change to a new one, if you have never modified it:
- LIVE: 8486
- TIM: 1010
- Clear: 3636
- Hi: 8888
Tip 2 Never set your own number as an account recovery
Various services and social networks allow you to enter your phone number to be used in case of account recovery. Facebook, Twitter, Instagram, all of them end up validating via SMS, which leaves the account completely vulnerable when you no longer have access to the phone number.
Ideally, you should always set up another type of confirmation or place another trust number other than yours. Preferably someone who lives with you, such as a spouse or a family member. So, if your number is stolen, recovery notices will not reach it.
Tip 3 Always enable Two Factor Authentication
THE Two-Factor Authentication is an extra layer of security that Apple makes available on the iCloud account. With it, when you sign in to a device for the first time, you’ll need to provide two pieces of information: the password and the six-digit verification code that is automatically displayed on trusted devices. That is, even if the thief knows your password, he will not be able to log into the account.
On this Apple page you have all the instructions to activate on your account.
Oh, and activate the same kind of process across all of your email and social media accounts.
Tip 4 Don’t believe incoming messages
When you have your iPhone stolen, the victim always tries to cancel the line at a certain time and then go to the operator and get a new chip and, as in most cases, ask for the same line number back. It is very bad to change your cell phone number, as all your friends from years already have your number. Your entire calendar has that old number.
If you choose to reactivate the same line and the crooks have not yet been able to access your iCloud account, you will probably start receiving messages via SMS or via WhatsApp pretending to be from the police or Apple support. They will tell you that your phone has been found and that to find your location you need to access a link provided by them and enter your iCloud login and password. The goal is to get you to provide all the data for them (the famous phishing). This subject has already been widely publicized here at BDI.
Never believe this type of message. Apple will not contact you, and even if you enter, it will not be through WhatsApp. Read this other article carefully to understand well when this type of situation happens.
Tip 5 Put a strong password on your device
It has already been commented here on the BDI about the importance of not only putting a password of 4 or 6 numbers to unlock your device, as there are already devices capable of discovering these codes in minutes or hours. Although Apple is always fighting against this and has already implemented in iOS 11.4.1 more protection, it is always good to prevent ourselves as much as possible.
So, create an alphanumeric password (letters and numbers) that is easy for you to remember but not for the bad guys. Nothing obvious, of course.
These tips, for sure, will not leave you immune to all the possibilities involved in cell phone theft, but they will certainly protect you from most incidents. And never forget to register the Occurrence Report. It can be done online or by going to the nearest police station. This is important for investigation and for taking steps to decrease the statistic of stolen iPhones.
