
My iPhone was stolen a couple of weeks ago and I started receiving the following messages on my recovery secondary number that I provided with Find My iPhone:

[screenshot of the messages]

The URLs are:

  • https://apple.inc-view.us/?auth=3455
  • https://apple.inc-locate.us/verify.php?ID=&auth=325&vr=

And they mimic the interface of Find My iPhone where they're asking me for my Apple ID credentials. I logged into Apple ID and the phone hasn't registered since it was stolen.

Wondering if there's something I can do to track them down or be mean to them.

Lino Velev
  • I’m curious how they would have got this number unless you’ve been the victim of a very targeted attack (i.e. iCloud account hacked and your phone stolen). – Darren Jan 09 '19 at 07:25
  • So the thieves are sending you these spoofed messages to phish for your credentials? – henning Jan 09 '19 at 13:42

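The two URLs in the question carry the brand name in a subdomain while the registrable domain is something else entirely. The following is an added example (not code from the question or any answer) that extracts the registrable domain from a URL and flags that pattern. The public-suffix table and the allow-list of Apple's own domains are small hand-written assumptions; a real check would use the full Public Suffix List.

```python
"""Added example (not from the question or answers): check whether a URL's
registrable domain belongs to the brand it imitates. The suffix table and the
brand allow-list are small hand-written assumptions; a real check would use
the full Public Suffix List."""
from urllib.parse import urlsplit

# Minimal public-suffix table (assumption): only two-label suffixes are
# listed; every other TLD is treated as a single label.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Illustrative allow-list of domains the brand actually uses for sign-in
# pages (assumption for this example).
BRAND_DOMAINS = {"apple.com", "icloud.com"}
BRAND_LABELS = ("apple", "icloud")


def registrable_domain(host: str) -> str:
    """Return the registrable domain (public suffix plus one label)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_url(url: str) -> dict:
    """Classify a URL as 'brand', 'lookalike' or 'unrelated'.

    'lookalike' means a brand name appears somewhere in the hostname but the
    registrable domain is not one the brand owns, which is exactly the
    pattern of the two URLs in the question (apple.inc-view.us etc.).
    """
    host = urlsplit(url).hostname or ""
    reg = registrable_domain(host)
    labels = host.lower().split(".")
    if reg in BRAND_DOMAINS:
        verdict = "brand"
    elif any(b in label for label in labels for b in BRAND_LABELS):
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    return {"host": host, "registrable_domain": reg, "verdict": verdict}


if __name__ == "__main__":
    # The two URLs quoted in the question, plus a genuine iCloud URL.
    for u in ("https://apple.inc-view.us/?auth=3455",
              "https://apple.inc-locate.us/verify.php?ID=&auth=325&vr=",
              "https://www.icloud.com/find"):
        print(classify_url(u))
```

The point of splitting off the registrable domain first is that a browser, a mail client and a WHOIS lookup all key on that part, not on whatever label the attacker put in front of it.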
6 Answers


Offensive defense is the type of attack you are looking to perform. You have been the victim of a technological crime, you are the target of a phishing campaign, and you want to get even. This is a very normal response and I can tell you that many organizations, governments, and individuals attempt this on their own daily. There is a major issue with any type of non-legal recourse, however.

Due to the anonymity of the internet, and the relative ease of using a botnet to do malicious activity, it can be really difficult to assure that you only hurt the people you intend to hurt. In attacking an individual through a network relay, you may end up shutting down your own grandmother's computer, which is less than ideal and totally irrelevant to the initial attackers. The only truly legal recourse is to coordinate with your local authorities and attempt to gain information back on the attackers.

If you can glean any information from your cowardly attackers that may indicate name or location, you can use this to work with the authorities. Also, if the phone is on, you can still attempt to use the "Find My Phone" feature to track down its current location alongside the proper authorities (I do not recommend confronting thieves on your own or without legal support).

In the end, it really sucks that you're in this position and I have compassion for you. Know that your options are limited, but do take advantage of the ones you can so you have the peace of mind knowing you did all you could legally do. That will be far better than putting yourself in the position of risking jail time over a device.

Connor Peoples
  • There are a few cases where hacking back is actually practical and profitable. This just isn't one of them. – Tom Jan 08 '19 at 22:55
  • On top of causing unintended collateral damage, there's also the risk of OP getting in legal hot water themselves for computer-related crimes. Not to mention the possibility of exposing themselves to the attackers *even more* (and giving them incentive to follow up) by revealing other devices / IPs they own. – Steve-O Jan 09 '19 at 14:34

I've just checked on Whois.us. Both domains are registered to the same person, with a stated address in London.

Try talking to the internet fraud team from your local police. Chances are they're overworked, but if they've got some free time then they may be able to go to TLDsolutions.com and trace the payments. For most countries this would be a dead loss, but US ISPs have to keep records and play nicely with police requests. So they may have screwed up by using a .us domain.

Graham
  • lazy thieves making this too easy.... – sudo rm -rf slash Jan 09 '19 at 07:59
  • @Graham the fact the domain name ends in `.us` doesn't mean it has anything to do with the USA? Anyone can register any domain they want and locate the server anywhere they want in the world – User1 Jan 09 '19 at 08:47
  • @user1 Sure, but the provider who registered the domain is based in the US. Regardless of where the criminal's server is located, at some point they've had to pay a provider in the US to get that domain name. Which means there's a money trail from the criminal to the provider, and a provider in the US will honour requests from the police. Of course there are ways around that money trail - prepaid disposable credit cards are a thing, for example - but it's worth checking. – Graham Jan 09 '19 at 10:09
  • ahh that makes perfect sense. Thanks for clarifying – User1 Jan 09 '19 at 12:08
  • The attackers might have assumed that their details were protected by WHOISguard (which is enabled for free on all domains registered on namecheap (and other registrars)) but the `.us` TLD is actually __not__ eligible for WHOISguard, for whatever reason. – undo Jan 09 '19 at 13:57
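
The cross-check behind this answer ("both domains are registered to the same person") is a comparison of registrant and infrastructure fields across WHOIS records. The following is an added example, not code from the answer, that parses two raw WHOIS records into field lists and reports the pivot fields they share. The two records are constructed placeholders on fictional domains; they are not the real WHOIS output for the domains in the question.

```python
"""Added example (not from the answer): parse two WHOIS records into field
lists and report the registrant and infrastructure fields they share. The
records below are constructed placeholders with fictional domains; they are
not the real WHOIS output for the domains in the question."""
import re

WHOIS_A = """\
Domain Name: lookalike-one.example
Registrar: Example Registrar LLC
Registrar URL: http://registrar.example
Creation Date: 2019-01-02T10:11:12Z
Registrant Name: J. Doe
Registrant Street: 1 Example Street
Registrant City: London
Registrant Email: jdoe@mail.example
Name Server: ns1.host.example
Name Server: ns2.host.example
>>> Last update of WHOIS database: 2019-01-09T00:00:00Z <<<
"""

WHOIS_B = """\
Domain Name: lookalike-two.example
Registrar: Example Registrar LLC
Registrar URL: http://registrar.example
Creation Date: 2019-01-05T08:00:00Z
Registrant Name: J. Doe
Registrant Street: 2 Other Road
Registrant City: London
Registrant Email: jdoe@mail.example
Name Server: ns1.host.example
Name Server: ns2.host.example
"""

# "Key: value" lines; notice lines (starting with % or >>>) do not match.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /._-]*?):\s*(.*?)\s*$")

# Fields worth pivoting on when asking "same operator?" (assumption: chosen
# for this example; real investigations add phone, org, abuse contact, etc.).
PIVOT_FIELDS = ("registrant name", "registrant email", "registrant street",
                "registrant city", "registrar", "name server")


def parse_whois(text: str) -> dict:
    """Return {lowercased field name: [values...]}; repeated keys accumulate."""
    record = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m or not m.group(2):
            continue  # skip notices and empty values
        record.setdefault(m.group(1).strip().lower(), []).append(m.group(2))
    return record


def shared_pivots(rec_a: dict, rec_b: dict, fields=PIVOT_FIELDS) -> dict:
    """Values of the pivot fields that appear in both records."""
    shared = {}
    for f in fields:
        common = set(rec_a.get(f, [])) & set(rec_b.get(f, []))
        if common:
            shared[f] = sorted(common)
    return shared


if __name__ == "__main__":
    a, b = parse_whois(WHOIS_A), parse_whois(WHOIS_B)
    for field, values in shared_pivots(a, b).items():
        print(f"{field}: {values}")
```

Shared name servers and registrar alone prove little (many unrelated sites use the same host); a shared registrant e-mail or street address is the kind of pivot that is actually useful when handing the case to the police.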

Call the police and sue them in court! That will show them you can be mean. Moreover, it will be legal and you will stay out of trouble.

A. Hersean
  • Sue who? He doesn't know who they are and the fake "Find my phone" messages won't help. He could try to get the phone location records from the phone company based on cell tower hits, but even if he finds the general location of the phone, he still has to find out who has it. He can call the police, but in my experience, there's little chance of getting them to investigate a single stolen phone. – Johnny Jan 08 '19 at 22:12
  • It's probably worth mentioning that the original question doesn't specify that the alerts are fake. At first glance this isn't obvious. – Tom W Jan 09 '19 at 10:11

The attackers are skilled enough to not enable the phone and to set up a fake Find My iPhone site. This clearly shows they understand fairly well how the iPhone's security features work and are trying to trick you into revealing the credentials that will let them get around those.

Unless you are highly skilled yourself, they probably have the upper hand in this. The fact that they reach out to you like that shows they are willing to take a (small) risk to get your credentials, so your best bet is to not give them what they want. It is unlikely that you will find a trick that they didn't anticipate, and more likely that in trying you would give them information they can use.

You should get the IMEI blacklisted, if you haven't yet. This is the best effort to make the phone useless for the thieves. With any luck, they'll ditch it somewhere, someone else finds it and turns it on, and it will show up on Find My iPhone.

Tom
  • If you get the IMEI blacklisted, couldn't that prevent it from connecting to the internet and therefore prevent it from connecting to the Find My iPhone service? – Nonny Moose Jan 09 '19 at 00:07
  • It won't work on wireless, but unless I am mistaken, it should work on a Wifi and report in. – Tom Jan 09 '19 at 08:49
  • @Tom Don't you have to have access to the phone to connect it to a WiFi network? At least where I'm from, widely available open WiFi services that grant internet access without user interaction are not a thing. So the phone would very likely not find anything to connect to. – I'm with Monica Jan 09 '19 at 13:33
  • That could be true. I think you can connect to wifi from the swipe-upwards screen, but I'm not sure if it allows you to connect to a new network. – Tom Jan 09 '19 at 13:44

This message is coming from an 'abundance of caution' so that you understand that you may be engaging in something that may be dangerous (organized / violent criminals). The other postings indicate that the messages are from reasonably sophisticated thieves that are fishing for your info.

Escalating ("being mean") is potentially dangerous unless you are sure you understand who 1) stole and 2) has custody of your phone. There is a non-zero chance that they know who you are, since it is your phone. The phone may have been transferred to dangerous criminals. If you know someone at GCHQ, maybe they could take it on as a pet project.

It is understandable that you would like to get your phone back and even a little karma payback: your safer bet is to work with the authorities: just make it easy for the authority to catch the thief.

gatorback

Something you could do is to pretend to give them what they want. Go to their site and enter some fake credentials. They might grab those and try them on your phone or on a computer, which might reveal some information about them, like the time and IP address of a failed login attempt, maybe even the location of the device.

Just be extra careful (isolated browser (in a virtual machine), plug-ins disabled, security settings to maximum, antivirus on-access scan enabled, ...) when visiting their site to not fall victim to other malware they may be trying to push to you. (Not very nice, but you could use an internet cafe's computer for that. In the worst case, this computer gets infected, but since there's no personal data on it it's not a very big deal to just scrub it and put a fresh image on it; which they might do routinely anyway.)

JimmyB
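
Feeding fake credentials to a phishing page only tells you something if you can later recognise those credentials being used. The following is an added example, not code from the answer, of the general honeytoken pattern: mint a distinct fake credential per phishing site, then scan login logs for any of them so an attempt can be tied back to the site it was submitted to. It assumes you can read the logs of the service being logged into, which the original poster cannot for Apple ID; the log format, the log lines and the secret are constructed for the example.

```python
"""Added example (not from the answer): mint a distinct fake credential for
each phishing site you intend to feed, then scan login logs for those
usernames so a later attempt can be tied back to the site it was submitted
to. Assumes you can read the logs of the login endpoint; the log format and
lines are constructed for the example."""
import hashlib
import hmac
import re
import secrets

# Assumption: a per-deployment secret used to derive recognisable usernames.
CANARY_SECRET = b"replace-with-a-random-secret"

# Constructed log format: "<timestamp> auth=<RESULT> user=<name> src=<ip>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>\w+) user=(?P<user>\S+) src=(?P<ip>\S+)"
)


def mint_canary(site: str, secret: bytes = CANARY_SECRET) -> dict:
    """Return a fake credential whose username is derived from the site name.

    The username is an HMAC tag of the site, so it looks arbitrary to the
    thief but is reproducible by you; the password is random and never reused.
    """
    tag = hmac.new(secret, site.encode(), hashlib.sha256).hexdigest()[:10]
    return {
        "site": site,
        "username": f"appleid.{tag}@mail.example",
        "password": secrets.token_urlsafe(12),
    }


def detect_canary_use(log_lines, canaries):
    """Map every login attempt with a canary username back to its site."""
    by_user = {c["username"]: c["site"] for c in canaries}
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the scan
        site = by_user.get(m["user"])
        if site is not None:
            hits.append({"site": site, "ts": m["ts"],
                         "result": m["result"], "ip": m["ip"]})
    return hits


def sample_log(canaries):
    """Constructed log lines: a legitimate user, one canary attempt, junk."""
    return [
        "2019-01-09T13:40:02Z auth=OK user=alice@mail.example src=198.51.100.4",
        f"2019-01-09T13:42:17Z auth=FAIL user={canaries[1]['username']} src=203.0.113.7",
        "garbled line with no fields",
    ]


if __name__ == "__main__":
    # One canary per phishing host named in the question.
    canaries = [mint_canary("apple.inc-view.us"),
                mint_canary("apple.inc-locate.us")]
    for hit in detect_canary_use(sample_log(canaries), canaries):
        print(hit)
```

Using a different credential per site is what makes the attribution work: a hit on the second canary says which page the thieves collected it from, and the source IP and timestamp are the kind of detail the answer hopes to obtain, ready to be handed to the police rather than acted on directly.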