iPhone Lost/ Stolen. Activation lock email. Can it be bypassed?

alba_ft wrote:

I'm quite sure it's legit.

2. If I hover over it with a mouse it is the same return address.

3. When I click "Forgotten your password?" or any of the other links it takes me to Apple Support pages

[snip]

I would treat this as highly suspicious, about as suspicious as a masked guy with bag marked “Swag” loitering outside a bank. If the email includes fields to enter your details I am am pretty sure the email is a scam. Any fields you are offered to enter details will go to a completely different non-Apple address owned by account thieves.

You can report the suspicious email to Apple at reportphishing@apple.com but I’m not sure if they will respond to confirm genuine or fake.

Apple ID with a reasonably good passphrase is effectively unbreakable for most thieves. The only known way is a brute force attack so first they try all the obvious popular ones like 1234 and Password1234 but if they fail on that a simple 6 character string has roughly 90^6 = 500 billion possible variations to keep them busy with trial and error for a while. That’s why they resort to phishing.

Apple will never ask by email for authentication details or passwords. That’s DOES NOT, NOT EVER, just like your bank will never ask for your online login and complete password to be sent to them. The only time Apple requests your Apple ID or password is in a secured web login page (https and closed padlock symbol) like you see when you sign on to post here, in a login challenge you triggered, are expecting, etc. During setup you would expect to enter your Apple ID directly into the device, not through something sent by email.

Setting up the email with links to Apple support documents is a simple no brain task even I can manage many times most days. In fact, here’s one which might be relevant to your questions, Avoid phishing emails, fake 'virus' alerts, phony support calls, and other scams - Apple Support - and that is a genuine Apple link we use regularly here in the support communities.

Yes, adding links makes the scam email look authentic and by the time you come to the trap you are already conditioned by previous checks to think everything so far is genuine Apple.

On the remote chance it is genuine, it would imply the thief has probably wiped your missing device using iTunes and is trying to reconfigure it but hit the Activation Lock wall. Ignore the message because you don’t have the device in your hand, and whatever else DO NOT REMOVE IT from Find my iPhone or your Apple ID collection of known devices.

Hello.

1) Yes

2) No. They might erased it with SIM off and then tried to set it up with a Wi-Fi connection and got to the Activation Lock screen.

3) No.

If you go to iCloud.com, click "FInd My iPhone", do you see it online?

1. The return address of the message is not an Apple address.
2. If you hover over it with a computer mouse, you'll see a completely different return address.
3. Although I'll admit that it's totally illogical, they're banking of the fact that you will click on "Forgotten your password?" to see what's going on.

far as I understand, the first thing someone needs is my passcode before they can do anything, right?

Nope.

The activation lock screen appears after the setup assistant starts.

The setup assistant only starts after a device has been erased to REMOVE your passcode.

Your passcode prevents them from accessing anything on your phone. They would remove it to see if you enabled Find My Phone and therefore Activation Lock.

At that point, they have a useless device.

Yes.

That's why they are stopped at the activation lock screen. They need your complete Apple ID and current password.

The phone is incapable of doing anything beyond waiting for that information.

Lost Mode and playing a sound are simply ways to have an honest person return the device to you.

Well done to find that thread amongst the millions and post that link. With that... I am suspicious by nature so I would still be making exactly the same check for my self, direct with Apple.

Unfortunately, one way or the other, the email probably means someone tried to reconfigure your device so it is unlikely you will get it back. The good news part is probably that they already wiped it to try and reinstall for their own use, so any data it used to hold is safe.

I don't believe that's a real Apple email.

I've never seen it before and it makes no sense. The reply to address can be spoofed.

I can't see the value of this message. If you don't have the device in your hands, why would Apple be telling you it's waiting for your password? Is that name you had entered for your phone? Where does that "Forgotten Your Password" link take you?

The language "ensures that nobody can reactivate your phone" is not a phrase used by Apple to describe activation lock.

They say "use your phone if lost or stolen" and "keep your information safe"

Having said this, I don't what the phishing goal is. Very odd.

Adding: highly-respected? Moi????? I’m never going to live that down.

I figured that this thread needed some humor!

On the flip side, I can't see anything at all in that email that could benefit a thief.