The old scam. Apple itself has already warned of this and in May 2015 (!) We recorded the case of a specialized gang arrested in So Paulo.
But, as we have not touched on the subject for a long time and similar cases continue to pop up all the time, it does not cost us anything to “revalidate” this alert.
Basically, what happens that criminals try to take advantage of despair of someone who lost or had their iPhone stolen / stolen and is trying to recover it using the Find My iPhone app / feature to deliver a scam like phishing. This means that he is only successful if the user himself does not pay attention and is deceived by something false that appears to be real.
In the case of iCloud / Find My iPhone, the most common form of attack via SMS. Here are a few varied examples:
It is quite common for these messages to have Portuguese errors. Stay tuned!
The person then jumps with joy thinking that he can recover his iPhone, clicks the strange link, fills in his iCloud login / password and only then realizes that it came to nothing. A, it was enough time for the criminals to change their password and get definitive access to the device.
And do not think that experienced users would not fall into the trap easily, because at least the attack sites are nowadays practically identical to the real ones:
The jump of the cat, as always, is in the URL of the page. They usually include the word icloud in some piece of the link, but the domain itself is far from the official one. When in doubt, always close your browser tab / window and manually open the apple or icloud websites when accessing your account.
Another very simple reminder of this whole story is that Apple just * doesn't * send SMSs when lost iPhones are found by iCloud. As she explains in this support article (emphasis added):
If your device is online when you put it in Lost Mode or lock it, it will be locked and tracking will start (if applicable). If Location Services are disabled on the device, they will be temporarily enabled to track the device's location. A confirmation email is sent to your Apple ID email address.
Another very important tip that you activate immediately two-factor authentication to your iCloud account. This way, even if someone finds out via phishing or not your login and password, not having access to the account without an authorization device.
We recently published a video about this:
We also have another story that details how lost / stolen iPhones tend to be unlocked, worth reading!
If you never fell for such a blow, great! But always be aware because, in a tense moment, we sometimes screw up. And be sure to share these tips with relatives / friends, as some of them may not be as attentive as you are.