iPhone Lost/ Stolen. Activation lock email. Can it be bypassed?

Question

Level 1

9 points

iPhone Lost/ Stolen. Activation lock email. Can it be bypassed?

Last week i lost my iPhone 7.

It was running out of battery so (I think) the phone was off when I lost it. As soon as I realised it was missing I went on Find My iPhone and put it on lost mode, entered the "this phone is lost+phone number" display message and told it to play a sound and to be notified if it was found. Since it was off, the dot was greyed out on Find My iPhone, and on the map it showed the last location it was connected at, but this was a few hours earlier when I still had my phone. The phone was connected to the campus wifi (eduroam), and also had cellular 4G connection.

The next day I received an email from apple (a legit email), from noreply@email.apple.com. It said:

"Activation Lock is requesting your password on Alba Fonseca Topp’s iPhone (iPhone 7). Find My iPhone includes Activation Lock, which ensures that nobody can reactivate and use your device without your Apple ID and password or your device passcode. If you are setting up this device, simply enter your Apple ID and password in the fields provided." The email does not require any information to be entered, it's a legit Apple email, not a scam email (see picture)

I want to know a few things.

Does this mean someone has my phone and is trying to enter it?
Even if the simcard is removed, my phone still has a passcode. Will it be able to connect to internet without filling in the passcode?
How was the activation lock email triggered if it is not connected to internet? If it was connected to internet, why did it not alert me that the sound was played or show up on Find My iPhone, etc?
Can anyone bypass the passcode and the activation lock?

And finally, is there anything I can still do? I'm hoping that if someone has it, they will realise the phone is useless to them (unless there are ways to hack around 1. the passcode and 2. activation lock) and that they will hand it in. Otherwise, if the email is automatic and does not imply someone has my phone, it might mean that it is still lying around somewhere and I should keep looking for it.

Thanks!

iPhone 7, iOS 12

Posted on May 21, 2019 12:22 PM

Reply

Answer 1

alba_ft Author

Level 1

9 points

May 21, 2019 1:31 PM in response to singh49asda

I am pretty sure it is a real apple email. All the links are legit. Plus, in this thread jpmmd72 mentions that he contacted apple about the same email and they confirmed it is genuine and did come from apple.

Reply

Answer 2

alba_ft Author

Level 1

9 points

May 21, 2019 2:04 PM in response to Philly_Phan

I'm quite sure it's legit.

2. If I hover over it with a mouse it is the same return address.

3. When I click "Forgotten your password?" or any of the other links it takes me to Apple Support pages

Here is the content of the email:

Find My iPhone includes Activation Lock, which ensures that nobody can reactivate and use your device without your Apple ID and password or your device passcode. If you are setting up this device, simply enter your Apple ID and password in the fields provided.Forgotten your password?

Learn how to reset your Apple ID password.

Have you given this device to someone else?

Learn what you can do to help them set up the device and what to do before selling or giving away a device in the future.

iPhone lost or stolen?

Put your device in Lost Mode to ensure it is clearly flagged as missing.

Reply

Answer 3

alba_ft Author

Level 1

9 points

May 21, 2019 11:56 PM in response to Branta_uk

Thanks for the reply!

I am pretty sure it is a real apple email. Like I said, the email does not require any information to be entered in any fields. Also, in this thread jpmmd72 mentions that he contacted apple about the same email and they confirmed it is genuine and did come from apple.

I think it makes sense apple sends an email like that. It informs me that someone is trying to enter my iPhone. Just like you receive an email when your Apple ID is used to enter a new device.

Reply

Answer 4

Philly_Phan

Level 7

20,707 points

May 21, 2019 1:54 PM in response to alba_ft

The return address of the message is not an Apple address.
If you hover over it with a computer mouse, you'll see a completely different return address.
Although I'll admit that it's totally illogical, they're banking of the fact that you will click on "Forgotten your password?" to see what's going on.

Reply

Answer 5

sergekills

Level 7

33,251 points

May 21, 2019 12:37 PM in response to alba_ft

Hello.

1) Yes

2) No. They might erased it with SIM off and then tried to set it up with a Wi-Fi connection and got to the Activation Lock screen.

3) No.

If you go to iCloud.com, click "FInd My iPhone", do you see it online?

Reply

Answer 6

May 21, 2019 1:09 PM in response to alba_ft

I don't believe that's a real Apple email.

I've never seen it before and it makes no sense. The reply to address can be spoofed.

I can't see the value of this message. If you don't have the device in your hands, why would Apple be telling you it's waiting for your password? Is that name you had entered for your phone? Where does that "Forgotten Your Password" link take you?

The language "ensures that nobody can reactivate your phone" is not a phrase used by Apple to describe activation lock.

They say "use your phone if lost or stolen" and "keep your information safe"

Having said this, I don't what the phishing goal is. Very odd.

Reply

Answer 7

May 21, 2019 1:11 PM in response to alba_ft

They erase it using iTunes. This removes the passcode, but does not defeat Activation Lock. The phone is useless to them. Be aware they may send you an SMS telling you it's Apple and they found your phone.

No they didn't. Apple does not find phones for their customers.

Reply

Answer 8

alba_ft Author

Level 1

9 points

May 21, 2019 1:34 PM in response to singh49asda

I tried replicating the situation with my old iPhone 5S. I signed in to it with my apple id, then turned it off, then put it on lost mode and told it to play a sound through Find My iPhone and all that. But then when I connected it to the computer, iTunes did not recognise the phone until you enter the passcode.

Reply

Answer 9

alba_ft Author

Level 1

9 points

May 21, 2019 2:11 PM in response to Philly_Phan

Yes exactly, I believe they are trying to enter my phone but I still wonder how the email was triggered without being connected to internet, and if it was connected to internet, why none of the other 'Lost mode' functions were triggered.

Reply

Answer 10

LACAllen

Level 8

43,422 points

May 21, 2019 2:48 PM in response to alba_ft

Not that it really matters but I agree the message from Apple is illogical.

If your phone was sitting at the activation screen, the phone is not running iOS yet. It has no ability to send messages of any sort to anyone. At that point it can only perform one task and that is get approval to join a carriers network. You haven’t signed in to an Apple ID yet.

Even if the activation server sent the email... why? You know the phone is missing. Telling you it’s been erased and attempts are being made to activate it is very un Apple. Very stressful.

i too have never seen that message referred to in the 100s of activation lock posts here.

If it’s legit and new, it’s nonsensical.

Reply

Answer 11

alba_ft Author

Level 1

9 points

May 21, 2019 3:29 PM in response to LACAllen

Thanks for your reply!

What do you mean by: "If your phone was sitting at the activation screen, the phone is not running iOS yet"

As far as I understand, the first thing someone needs is my passcode before they can do anything, right?

Reply

Answer 12

alba_ft Author

Level 1

9 points

May 21, 2019 3:32 PM in response to mdp1101

Thanks for your reply!

"If it’s never been activated yet, then the person probably can not activate it." Do you mean Find My iPhone? it was activated. And apparently Activation Lock is then activated automatically with Find My iPhone

And well my last backup was in December 2018

Reply

Answer 13

LACAllen

Level 8

43,422 points

May 21, 2019 3:37 PM in response to alba_ft

far as I understand, the first thing someone needs is my passcode before they can do anything, right?

Nope.

The activation lock screen appears after the setup assistant starts.

The setup assistant only starts after a device has been erased to REMOVE your passcode.

Your passcode prevents them from accessing anything on your phone. They would remove it to see if you enabled Find My Phone and therefore Activation Lock.

At that point, they have a useless device.

Reply

Answer 14

LACAllen

Level 8

43,422 points

May 21, 2019 3:51 PM in response to alba_ft

Yes.

That's why they are stopped at the activation lock screen. They need your complete Apple ID and current password.

The phone is incapable of doing anything beyond waiting for that information.

Lost Mode and playing a sound are simply ways to have an honest person return the device to you.

Reply

Answer 15

alba_ft Author

Level 1

9 points

May 21, 2019 4:03 PM in response to LACAllen

But lost mode and playing a sound will also only work once it's connected to internet again, which apparently it hasn't been yet.

And what about the email I received? I understand that Apple sends a message when my apple id is being requested for activation lock, but how was it sent/ triggered in the first place?

Reply

iPhone Lost/ Stolen. Activation lock email. Can it be bypassed?

Similar questions