Whether you’ve already reported your iPhone stolen or you’re trying to safeguard it, it’s good to understand what thieves will do when they get their hands on it. A common phishing scam is designed to trick victims into giving away their Apple ID login credentials, thus enabling thieves to unlock their stolen device.

Apple iPhone X Display Unresponsive
Image Source: Apple.com (screenshot)

What’s worse is that often, it isn’t just the iPhone itself that’s gone because many who had their iPhone stolen also fall victim to cyber-crime.

iPhone stolen: when physical theft meets cyber-crime

Thus, understanding what all the thieves might be up to can help keep that ultra-expensive, rare and in- demand iPhone X secure. The iPhone X has been in such high demand that it’s an extremely hot-ticket item right now, and that’s unlikely to change before Christmas.

Experts at Trend Micro, maker of many reputable cyber-security software programs, published a report on how having an iPhone stolen often goes beyond physical theft and enters into the cyber arena. In fact, the firm has found several tools that thieves use to unlock Apple devices that have been lost or stolen. Cyber-criminals tend to use AppleKit, MagicApp, and even “a cybercriminal version of the Find My iPhone API,” along with other “services” and “phishing kits.”

Using such tools, thieves are able to hijack victims’ iCloud accounts and other Apple services that are tied to the stolen device and then reactivate them so that they can be sold through various online marketplaces.

Getting around Apple’s protective measures

Apple has introduced several security measures to assist those who had their iPhone stolen, and it’s essential to actually use these measures. For example, linking your iCloud to your Apple ID will enable you to lock your device via Apple’s Find My iPhone feature, so it’s still best to do that because it could deter the average thief with no technical knowledge. Locking the iPhone will require a password in order to reactivate it.

Find My iPhone can also now track the device via GPS and show its approximate location on a map. Apple also added Activation Lock to try to prevent stolen iPhones form being erased and re-sold. However, Apple’s security features are only the first step to protecting your iPhone. Education is the next step, especially when it comes to protecting your Apple services such as iCloud, and Trend Micro experts are trying to help us out.

Phishing attack simulation

Even if your iPhone wasn’t stolen, thieves can phish for your Apple ID credentials. The firm said some victims receive a phishing text which redirect them to a webpage that looks legitimate and asks for the Apple ID. Trend Micro worked with one victim who reported his iPhone stolen on the streets of Brazil and then went to purchase a new iPhone. He received the phishing text shortly after activating Apple’s Find My iPhone feature on his new iPhone.

Here’s how the scam worked:

iphone stolen
Image Source: Trend Micro (used with permission)

If the victim had fallen for the phishing part of the scam, the thieves would’ve gotten his Apple ID login credentials, which they could have used to unlock the iPhone they stole and delete his account from it. They could also download the entire iCloud account for other malicious purposes and then delete it.

Other ways of tricking victims who had their iPhone stolen

That’s only one way thieves can trick someone who reported their iPhone stolen. Trend Micro uncovered an entire industry involving services offered to thieves, so even those without technical know-how can pay to have a stolen iPhone unlocked. These services are much cheaper than actually buying an iPhone, so the thieves still turn a profit after paying for it to be unlocked.

One of these services, MagicApp, sends phishing texts or emails that appear to be from Apple, sometimes revealing a fake map location that leads the victim to believe that their lost iPhone has been found. Of course, they have to log into the phishing website to get this fake location—giving their Apple ID credentials away in the process.

It’s just never a good idea to tap on a link received in a text or email and then enter your login credentials. Go directly to the official website yourself and log in there to see whether there’s a real message, or call Apple’ customer service to check on it.

Was that iPhone stolen?

If purchasing a secondhand device, it’s important to do your research before handing over your hard-earned cash. Research the seller and also check the IMEI of the device you’re thinking about buying. The Cellular Telecommunications Industry Association created a website that will let you and law enforcement check to see if that iPhone was stolen.

Trend Micro also says that the Find My iPhone historical data for each device is kept in Apple’s databases, which is another preventative measure. The firm also recommends taking advantage of every one of Apple’s security features in addition to being vigilant while safeguarding your device’s physical safety.