User profile for user: fishhhcake
fishhhcake Author
User level: Level 1
12 points

Phishing SMS/text sent through APPLE

Hey all.


Just thought I'd bring this to your attention.


My iPhone 6S was stolen two weeks ago, and upon recovering my iCloud account this week I found multiple emails claiming my iPhone was found and that I should 'validate' my account as soon as possible. The link was to a non-Apple site, and I did not fall for this phishing scam.


I reported the fraud to Apple Support today, and minutes after my call I receive a text from Apple (yes, Apple! the same Apple SMS line where I receive my verification codes for logging into iCloud) saying that again, my iPhone has been found and that I should view the location of my device at a bogus-looking domain, and the SMS claims to be from Apple Support with a provided number given.


While I highly doubt that I will get my iPhone 6S back, I'm just shocked at how the hackers were able to get through to Apple's SMS services and send me that text 😮 Reported the SMS to Apple too, and sent a screenshot.


My Apple ID is still tied to my iPhone 6S, but I have no idea how the thieves were able to get access to my Apple ID without my passcode and the two-factor authentication (unless they bypassed this without my password!?).

iPhone 6s, iOS 10

Posted on Oct 19, 2016 8:24 PM

Reply
12 replies
User profile for user: LACAllen
LACAllen
User level: Level 8
43,590 points

Oct 19, 2016 8:57 PM in response to fishhhcake

Anyone with your phone number can send you an SMS. They don't need anything from Apple.


Apple does not send notifications when you phone has been found. By any means.


You and you alone mange the "Find My Phone " portion of "Find My Phone". Apple does not proactively look for lost or stolen devices.


Apple does not have a "validate" your account process. Those emails were bogus.


It seems you have a new phone. Does it have the same number as before?


People report these emails and SMSs daily. Most have never lost a phone at all.

Reply
User profile for user: LACAllen
LACAllen
User level: Level 8
43,590 points

Oct 19, 2016 9:17 PM in response to fishhhcake

Changed my mobile number. The SMS was sent as from 'Apple' to the number I provided in the 'Lost my iPhone' custom message. Reported both emails and SMS to Apple.


Then that would be from the "custodian" of your phone I would guess. They know they can't get past activation lock and are attempting to phish the password from you.


I still wouldn't think the code is genuine either. Did you make your new phone a trusted device for that Apple ID already? If not, Apple would have no "path" to get you codes yet.

Reply
User profile for user: fishhhcake
fishhhcake Author
User level: Level 1
12 points

Oct 19, 2016 9:26 PM in response to LACAllen

Yes, my new phone (dual sim, both new numbers) is already a 'trusted device' for my Apple ID after I recovered my Apple ID. Changed my trusted mobile number to a new number, then changed it again after I used the first new number as a contact number for the 'Lost my iPhone' custom message.


'Apple' sent the 'iPhone found' SMS to my first new number. It is no longer associated with my Apple ID, but is still on the custom message for my iPhone on Lost Mode.


And yes, I have been receiving legitimate verification codes on the new numbers (the first when it was still my trusted number but not anymore), or else I wouldn't go beyond the two-step verification of iCloud 🙂

Reply
User profile for user: LACAllen
LACAllen
User level: Level 8
43,590 points

Oct 19, 2016 9:35 PM in response to fishhhcake

I have twice already explained what I believe is happening.


Bad guys have your phone, YOU gave them a number, via Lost Mode, to contact you with. They have done exactly that, pretending to be Apple.


There is is little you can do now. Without your current password, they can't use your phone and they know this. This is why they are making the effort to phish that password from you.


You want to know how & why and I believe I've told you.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Phishing SMS/text sent through APPLE

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up