iPhone lost and stolen, then weird SMS received from "Apple"

I work in company IT. Recently a user lost his iPhone in a taxi and had no luck getting it back. He logged in to Find My iPhone to track it down but could not locate it, so he issued a remote wipe, and it did wipe. We kept the device on the list and did not remove it. However, he received an SMS text as below:

Find My iPhone
User Full Name,
An iPhone bound to your Apple ID(userid@company.com)has been successfully connected to the network and is attempting to be activated. If this is not done by you in person, you are strongly recommended to access _http://www.Applefindst.com/us_ to view the location information and retrieve your device.

[Support from Apple]


He did visit the website and it redirected to iCloud.com. He logged in with his password as usual, but it said the password was incorrect.

When he reported this to me, I really suspected the domain was a phishing website to steal information. I changed his Apple ID password immediately.

And then I started researching on the Internet. I found nothing when Googling "Applefinst",
but found out the domain was just registered by a company in China on 11-APR-2016.

Domain Name: APPLEFINDST.COM

Registrar: SHANGHAI MEICHENG TECHNOLOGY INFORMATION DEVELOPMENT CO., LTD.

Sponsoring Registrar IANA ID: 1621

Whois Server: grs-whois.cndns.com

Referral URL: http://www.cndns.com

Name Server: NS1.EZDNSCENTER.COM

Name Server: NS2.EZDNSCENTER.COM

Name Server: NS3.EZDNSCENTER.COM

Name Server: NS4.EZDNSCENTER.COM

Name Server: NS5.EZDNSCENTER.COM

Name Server: NS6.EZDNSCENTER.COM

Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

Updated Date: 11-apr-2016

Creation Date: 11-apr-2016

Expiration Date: 11-apr-2017


A recent 1 year registration.

That registrant address has been used for 4890 domains in the past.

The registrant email has been used for 41 domains in the last couple of months.

Ref: "https://www.scamwarners.com/forum/viewtopic.php?f=10&t=93106"

When browsing "http://APPLEFINDST.COM" it redirected to "http://APPLEFINDST.COM/findIr2xq.html" with JavaScript and redirected again to "https://www.icloud.com/"


I am not a programmer and do not know about JavaScript, but I am really worried that this website is not officially from Apple and might harm other people.

Hope that Apple Inc. will follow up on this!


Thanks,

Peter

Posted on Apr 14, 2016 12:07 AM

5 replies

Apr 14, 2016 2:38 AM in response to Peter Melon

You are correct, that's what I suspected when it was not from @apple.com.

I checked with the user again and the message was sent from apple.iphone.imssage.adminl@iphone-iose.cc
Obviously it is a fake one for phishing. What is unlucky is that the lost iPhone's Activation Lock has now been released, turned off, and the phone removed from the Find My devices list; other users are now able to use it as a new phone... 😟
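
The checks the poster ran by hand on the SMS link and on the sender address (is the domain Apple's, does it borrow a brand word, how recently was it registered) can be written as a small triage script. This is an added example, not part of the thread; the allowlist, the brand-word list, the 30-day threshold and the use of the post date as the "seen" date are assumptions.

```python
import re
from datetime import date, datetime

OFFICIAL = {"apple.com", "icloud.com"}        # assumption: domains accepted as Apple's
BRAND_WORDS = ("apple", "icloud", "iphone")   # assumption: words a lookalike borrows

def host_of(indicator):
    """Lowercase host taken from a URL or from an e-mail sender address."""
    value = indicator.strip().lower()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1]
    return re.sub(r"^[a-z]+://", "", value).split("/")[0].split(":")[0]

def is_official(host):
    """True only for an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def whois_created(whois_text):
    """Parse 'Creation Date: 11-apr-2016' as printed in the WHOIS output."""
    m = re.search(r"Creation Date:\s*(\d{1,2}-[A-Za-z]{3}-\d{4})", whois_text)
    return datetime.strptime(m.group(1), "%d-%b-%Y").date() if m else None

def triage(indicator, whois_text="", seen_on=None, young_days=30):
    """Return (host, reasons); an empty list means nothing was flagged."""
    host, reasons = host_of(indicator), []
    if is_official(host):
        return host, reasons
    hits = [w for w in BRAND_WORDS if w in host]
    if hits:
        reasons.append("brand word '%s' in a non-Apple domain" % "/".join(hits))
    created = whois_created(whois_text)
    if created and seen_on:
        age = (seen_on - created).days
        if 0 <= age <= young_days:
            reasons.append("domain registered %d days before it was seen" % age)
    return host, reasons

if __name__ == "__main__":
    whois = "Creation Date: 11-apr-2016"       # line quoted in the post
    posted = date(2016, 4, 14)                 # date of the post, used as "seen" date
    for item, w in [("http://www.Applefindst.com/us", whois),
                    ("apple.iphone.imssage.adminl@iphone-iose.cc", ""),
                    ("https://www.icloud.com/", ""),
                    ("http://icloud.com.example.net/login", "")]:  # constructed
        print(triage(item, w, posted))
```

The last input is constructed to show why the allowlist match is on the end of the host name: a name that merely starts with icloud.com is still flagged.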
