Losing your phone is bad enough, but hackers are finding tricky new ways to snag your personal information when you're trying to get it back. Engadget reports that muggers used a phishing scheme to try and get data from a couple in Brazil.
After a woman had her phone stolen during a mugging incident, her husband, Edu Rabin, used the usual methods to try and find her iPhone. He used the Find My iPhone app and located the stolen phone. That's when things got fishy. After he had sent a few messages to his wife's phone offering up a cash reward for its return, he got an unexpected string of responses.
"I’d sent a message with my phone number saying, 'Dear mister robber, since you can’t really use the phone, I'm preparing to rebuy it from you. All my best!'" Rabin explained to Krebs On Security, a cybersecurity blog. "This happened on Saturday. On Sunday, I'd checked again the search app and the phone was still offline and at [the] same place."
The next day, Rabin got text messages from an unknown source saying that it had found the phone. All he had to do to get it back was click on a link and log in. After following the directions, he landed on what looked like Apple's official Brazilian website — except the URL was off. It showed that the site was on a public hosting service. Rabin didn't log in with his Apple credentials, but he could see how the lookalike site could trick anyone unfamiliar with phishing schemes.
That's not all. After a few days, Rabin received calls from a faux Siri directing him to log in to the phishing site again.
"It came from a strange number and a voice sounding like Siri or the [Google] Waze voice, informing me that my iPhone had been found and to look for my SMS for more info," Rabin continued. "That's when I thought I had to tell this story to someone. To me, it really got to another level, connecting the lowest kind of criminals to a high profile one (probably went to school and college) that can buy (or even create) this kind of scam."
Rabin wanted to share his story so that others could recognize the phishing scheme and not fall prey to would-be hackers. Engadget adds that it's always a good idea to keep the Find My iPhone app handy since it can wipe your phone (and personal data) and lock it remotely. If you're not sure how to recognize a phishing scheme, we've got you covered.