Fake emails to discover iCloud passwords are getting more sophisticated

When a thief steals an iPhone, he can turn off the device so that it cannot be located by Find My iPhone. However, Apple's Activation Lock makes it impossible to restore the device without knowing the iCloud password.

Therefore, it is very common for victims, in the days following the theft or robbery, to receive fake SMS messages and emails that appear to be Apple notifying them where the device was found. In the vulnerability of the moment, users end up being deceived and accessing clones of the iCloud website, thus providing the passwords that the bad guys need.

And these scams are getting more and more refined, putting even the most experienced iPhone users in doubt.

Last week, our reader Eduardo wrote to us telling his story. In December 2016 he suffered an armed robbery and his iPhone was taken. But only in the past few days has he received several messages saying that his device had been found and asking him to log on to the site to check its location.

The first message came via WhatsApp, a channel Apple is very unlikely to use. That alone was enough to raise suspicion. However, the contacts that followed became more refined.

A first email was sent to Eduardo’s iCloud email address. What is surprising is the level of detail, which makes it identical to an email from Apple, including all the information and features of the device.

Although graphically identical, what should be noted is the sender's address, which has nothing to do with Apple.

The remaining links lead to a clone of the iCloud page, so that the victim tries to log in and hands his data to the bad guys.

This is called phishing: someone sends you an email impersonating another person or entity to try to get passwords and other sensitive data from you.

As Eduardo did not fall for the scam, they tried again a week later, this time with an email saying that he had received a 50 dollar gift card. The look, again, was identical to Apple’s communication standard.

Note that, once again, the detail that reveals the fraud is the sender's email address: although the name shown is itunes.store.support.giftcards, the rest of the address comes from a non-Apple domain.
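The sender check described above can be automated. The following is an added example, not code from the original article: it classifies a From header by comparing the real domain after the @ with the brand the visible name claims. The allowlist, the brand keywords, the function names and the sample addresses are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed allowlist for illustration; build yours from the domains
# the brand actually documents as sending addresses.
TRUSTED_DOMAINS = {"apple.com", "icloud.com"}
# Assumed brand keywords a scammer would put in the visible part.
BRAND_TOKENS = ("apple", "icloud", "itunes")


def domain_is_trusted(domain):
    """True only for an allowlisted domain or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d)
               for d in TRUSTED_DOMAINS)


def check_sender(from_header):
    """Classify a From header by what it claims versus where it comes from."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        return "unparseable"
    if domain_is_trusted(domain):
        return "trusted-domain"
    # The brand appears in the display name, the local part or a
    # lookalike domain, but the real domain is not on the allowlist.
    claimed = " ".join((display, local, domain)).lower()
    if any(token in claimed for token in BRAND_TOKENS):
        return "brand-impersonation"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample headers, not taken from the emails in the article.
    samples = [
        "Apple <itunes.store.support.giftcards@mailer.example>",
        '"Apple Support" <no_reply@email.apple.com>',
        "support@apple.com.example.net",
        "Bob <bob@example.org>",
    ]
    for header in samples:
        print(f"{check_sender(header):20} {header}")
```

A `trusted-domain` result only means the header claims that domain; the receiving server's SPF, DKIM and DMARC results decide whether the claim is authentic.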

Therefore, it is very important to always stress the need for care when receiving sensitive emails, especially after a theft or robbery. The bad guys will do anything to trick you and take advantage of a moment of vulnerability to run their scams. Even Apple has published a support page with tips for not falling for phishing attempts.

Share this article with your friends and family, so that the largest number of people can be aware of this type of scam. Information is our best weapon against this.

Original content © iPhone Blog