If your iPhone is ever lost or stolen, be extra careful about scammers attempting trick your Apple ID password from you. iPhone thieves reportedly have an elaborate system set up to scam this information, as it’s needed to make a stolen device much more valuable.

An iPhone can only be associated with one iCloud account at a time. This means a stolen device can’t be set up with a new account until the old one has been removed. Removal requires entering the Apple ID password.

Without this password, a device can only be broken up for parts. With it, the handset can be erased and sold for much more money.

Phishing for Apple iD passwords

Obviously, thieves are going to try to trick the owner of the device out of their Apple ID password. The best way to go about this is by phishing. 

This is a bit beyond the skill set of the typical mugger, but it’s possible to buy custom phishing kits. These are user friendly for the beginner criminal. “AppleKit and ProKit in particular are complete suite[s] for the beginner, with support, video, ticketing service,” security expert Davide Ferro told Motherboard.

There are also forums for thieves to share tips on how to trick passwords out of people.

So if you’ve recently lost an iPhone, be very careful about phishing attempts. Especially watch out for emails or texts claiming to be from Apple notifying you your device has been found and asking for your login credentials to prove it’s yours. It would be best to be wary of any messages that seem to be from Apple.

Just lock your iPhone

Of course, none of this matters if the whole device has been passcode locked. Open the iOS Settings app and then go to Touch ID or Face ID, depending on which model of iPhone you have. From there, set a password and enable fingerprint scanning or facial recognition. Not only will that prevent thieves from accessing the device in any way, it will even keep out police.

But again, don’t share this passcode with someone who claims to be from Apple and supposedly needs it to return your lost iPhone.  That’s just more phishing.

Cult of Mac