What should you do after losing your iPhone? Almost all search engine results will advise you to turn on the “Lost Mode” immediately.
I don’t doubt it – there might be some lucky guy getting his phone back by using the Lost Mode feature in the entire history of shit-I-lost-my-iPhone. Good for them! What I want to point out here is that, turning the Lost Mode on, especially with some contact information (such as “please contact xxx in case you find this phone”), can potentially get you into even deeper trouble. Care to know more? Read on.
We lost our old iPhone about 3 weeks ago, turned on the Lost Mode (and eventually changed it to remote erase few days later). We never hope to get it back, only wanted to be sure that no private information was left on the phone.
Nothing happened for the next 3 weeks. The phone was always displayed as “offline” and pending to be erased on iCloud. We were convinced that it must have been wiped clean by its new “owner” off the grid. And we received this email yesterday.
Following the link, we were brought to the a site which looked exactly like the login page of iclould.com, except that it is not iCloud. Its full URL (not shown in the screenshot) even contains the IMEI number of our lost phone. This is… really creepy.
I am extremely glad that I took a second look at the URL and sender’s email address, and I would imagine how many victims could have fallen into this trap and lost invaluable private data. We simply can’t be careful enough.
After more or less confirming it’s fake, I did the following. First, using directly iCloud.com to check the status of the iPhone – it’s still offline. Second, reporting this phishing attempt to Apple and Google. Then I went back to the phishing site, keyed in a wrong password, and logged off from my computer.