Cyber crooks are targeting iPhone users who have had their phones stolen with a phishing scam.

As if having your iPhone stolen wasn’t bad enough, the hackers tried to steal your iCloud login details. Then they could have access to your personal data.

How a phone got stolen twice?

Recently, a woman shared her experience on the internet: how her phone got stolen twice. When she found she had lost her phone, she called it from another device. She realized it was stolen after the ringing was cut off. Then a happy thought hit her: The Find My iPhone app.

As we know, if your iPhone is lost or stolen, the Find My iPhone app can help you get it back. The app is handy because you can use it to lock the device and enable Lost Mode with the message: This iPhone has been lost. Please call me. [phone number] Not only that, you can see the phone on a map (if it wasn’t turned off).

That’s what she did: enabled Lost Mode and traced the missing device. Later she received a seemingly legitimate text message with a link to what looked like the familiar iCloud interface. She entered her login and password on the fake page. As a result, criminals accessed her account and wiped her stolen iPhone clean. Her phone simply vanished from the map in the app.

Tricks of cybercriminals

You may say, the entire case could’ve been avoided had the woman simply recognized the telltale signs of a phishing attack. Nevertheless, criminals do have the ability to create phishing sites that can trick even the most cautious of users.

According to Forbes, the scammers can use a technique called a homograph attack to make their phishing sites’ URL look legitimate — no misspellings or subtle typos necessary. All they need is for certain letters to have a Cyrillic equivalent.

Security suggestions

Since 2017, many victims have suffered from this kind of combination of physical theft followed by a phishing attack. Smart phones contain a wealth of personal information and access to several social media, email, messaging, and financial accounts. Therefore, we users should take precautions to protect our phones and data.

We should remain wary of phishing red flags and enable security settings for our devices and apps. We should also pay attention to the physical security of our mobile phones.

Moreover, a victim, whose cellphone was stolen earlier, may receive phishing emails after the thieves gained access to his social media account. Thus, we recommend you to try Mr. Post. Mr. Post, an add-in for your Outlook, inspects links in your emails. It also scrutinizes what the site behind the link looks like. If there is a risk of being phished, Mr. Post will warn you.

Install Mr. Post for free. Available on Microsoft AppSource.