This Week's Sponsor:

Winterfest 2024

The Festival of Artisanal Software


Stolen iPhones and Identity Theft

Joonas Kiminki got his iPhone stolen in Italy last month. After a couple of weeks, he received an email saying that the device had been found. The email turned out to be a well-designed, meticulous phishing attempt:

What strikes me the most is that everything seemed very “right” and professional. The email and the website content looked great, my phone really was an iPhone 6 and they even got the timezone right in the email.

The email raised no alerts on any email client I use, including Google Inbox, mail.google.com and Apple Mail. No web browser, mobile or desktop, show any alarms on the fake site. Google.com knows virtually nothing about the site, the email address or the (probably fake) US phone number the SMS was from. Very well done.

This is exactly what happened to my mother last week. Her iPhone was stolen in Italy in June, and after a month she received an email and SMS (in Italian) telling her that the iPhone had been located. Fortunately, she called me before entering her Apple ID credentials (she was about to).

Clearly, a criminal organization in Italy has set up an entire system to scam owners of stolen iPhones. I’m surprised that both Apple and Google are failing to recognize these email messages as spam.