What to do if your phone is stolen

[НСК-СБ]

Что делать, если у вас украли телефон

Собрались заказать еду или позвонить и вдруг осознали, что смартфона нет? В кармане пусто, в сумке тоже, друг не брал? Возможно, телефон украли. Но погодите паниковать. Даже если ваш смартфон оказался в чужих руках, есть несколько способов снизить ущерб.

Хороший сценарий​

Ваш телефон достался вору заблокированным, вся информация на нем зашифрована, а сим-карта защищена PIN-кодом. В этом случае следует:

• Воспользоваться сервисом поиска устройств (Найти устройство — для Android, Локатор — для iPhone), обозначить смартфон как пропавший, вывести на экран сообщение с номером, по которому с вами можно связаться, если смартфон не украден, а потерялся.
• Если телефон не нашелся, удалите с него дистанционно всю информацию и свяжитесь с оператором для блокировки сим-карты.
• Купите новый смартфон и восстановите данные из резервной копии.

После кражи сохраняйте бдительность. Воры часто используют тот самый резервный номер, чтобы с помощью фишинга или социальной инженерии выманить у владельца украденного смартфона пароль от аккаунта Google или Apple ID. Если это получится, они смогут отвязать аппарат от аккаунта, сбросить его и продать дороже, вместо того чтобы разбирать на запчасти.

Вот две реальных истории о том, как это происходит: с фишинговыми SMS якобы от Apple «ваш iPhone был обнаружен» и звонком от сердобольного сотрудника сервис-центра, если SMS не подействовала. Одним словом, к звонкам и SMS, связанным с украденным телефоном, стоит относиться с подозрением и держать в секрете пароль от аккаунта Google или Apple ID.

Плохой сценарий​

Со относительно хорошим вариантом мы разобрались, поговорим о более неприятном варианте: смартфон в чужих руках, и он не защищен — может, даже блокировки экрана на нем нет. Тогда действуйте быстро. Первое, что вам потребуется — другой телефон, чтобы сделать пару звонков. Можете попросить телефон у друзей, в транспорте или в магазине.

Заблокируйте SIM-карту​

Первый звонок — сотовому оператору. Сообщите об утере и попросите заблокировать SIM-карту. Тогда похититель не сможет выдать себя за вас — позвонить с вашего номера или получить SMS с кодом подтверждения для смены пароля или подтверждения какой-нибудь транзакции.

Предупредите близких​

Второй звонок — кому-то из близких. Объясните, что телефон украли, но вы в порядке. Попросите их предупредить знакомых о том, что с вашего номера могут поступать SMS или вызовы с просьбами выслать денег или вопросами, которые следует игнорировать. Можете попросить друзей опубликовать в соцсетях такое предупреждение.

Заблокируйте смартфон​

Для блокировки украденного смартфона нужен Интернет и (желательно) безопасное устройство, ведь вы будете вводить пароль. Возьмите у друга или коллеги доверенный девайс. Войдите в аккаунт Google или Apple ID. Если у вас установлена двухфакторная аутентификация, это может стать проблемой, ведь код подтверждения приходит в SMS или в приложении-аутентификаторе. Для устройств на базе Android существует процедура смены пароля без SMS. Для этого существуют резервные коды, которые вы получили при настройке двухфакторной аутентификации. На iPhone тоже можно восстановить доступ к аккаунту, отправив код подтверждения на доверенный номер телефона или устройство.

После того, как вы вошли в Google или Apple ID, сделайте следующее:

• Войдите в раздел Безопасность (Android) или в приложение Локатор (для iPhone) и найдите пропавший смартфон в списке устройств.
• Если смартфон включен и на нем активна геолокация, она отобразится на карте. Но даже если вы увидите, где находится вор, не пытайтесь его преследовать — лучше обратитесь за помощью в полицию.
• Выберите пункт Заблокировать устройство. Система попросит ввести сообщение для экрана блокировки и резервный номер, по которому с вами можно связаться. Теперь на смартфоне будет только это послание. Если телефон потерялся, нашедший сможет позвонить вам. Но будьте осторожны! Мошенники тоже могут выйти с вами на связь под видом сотрудников техподдержки в надежде выведать пароль к аккаунту.
• Если на устройстве есть конфиденциальная информация, вы можете её стереть в том же разделе. Учтите, что после этого отследить телефон не получится, а часть данных может все равно сохраниться на SD-карте.

Отвяжите карты​

Google и Apple могут предложить сделать это при блокировке смартфона с помощью функции Find My или Найти устройство, если нет — отмените привязку банковских карт в настройках аккаунта. Сами карты не нужно блокировать — конечно, если их не украли заодно с телефоном.

Для устройств Android:

• Войдите в аккаунт Google и перейдите в меню Платежи и подписки.
• Нажмите Настроить способ оплаты.
• Удалите свои банковские карты.

Для iPhone:

• Войдите в свою учетную запись Apple ID. Найдите украденный iPhone в разделе Устройства.
• Под списком карт нажмите Удалить все.

Добавьте смартфон в стоп-лист по IMEI​

В части стран можно не только заблокировать SIM-карту, но и внести украденный телефон в стоп-лист. Для этого оператору нужно сообщить IMEI — идентификационный номер устройства. Если вы не выкинули коробку, в которой продавался телефон, и она у вас под рукой, то этот номер можно найти на ней.

На Android его также можно узнать через сервис Поиск телефона.

• Нажмите на кнопку с буквой i в кружке около изображения вашего телефона.
• Код IMEI отобразится во всплывающей подсказке.

Для iPhone это можно сделать на сайте appleid.apple.com:

• Выполните вход с помощью идентификатора Apple ID, который вы использовали на украденном устройстве.
• Прокрутите вниз до раздела Устройства. Выберите свой iPhone и найдите его IMEI.

В теории, после того как оператор внесет IMEI в черный список, смартфон не сможет подключиться к мобильной сети даже с другой SIM-картой. Эта услуга доступна, например, в США, Великобритании, Турции, Латвии и некоторых странах Латинской Америки. В России ее пока нет, но, возможно, она скоро появится.

Что дальше?​

Вы сделали все, чтобы защититься от мошенников. Теперь можно заняться ликвидацией возможных последствий в более расслабленном состоянии.

Обратитесь в полицию​

Сообщите полицейским о краже, назовите мобильного оператора, номер и приметы телефона. Это может увеличить шансы на то, что смартфон к вам вернется. Уточните, куда вам нужно подойти, и напишите заявление. Иногда телефоны возвращаются даже спустя несколько лет.

Восстановите связь​

В России новую SIM-ку можно получить в салоне связи по паспорту или другому документу, удостоверяющему личность (если номер оформлен на другого человека, может потребоваться нотариально заверенная доверенность). В случае утраты она обычно выдается бесплатно. Условия перевыпуска SIM-карт зарубежных операторов отличаются в зависимости от региона. Присмотрите себе временный телефон или возьмите дома запасной смартфон, если он у вас есть, чтобы не оставаться без связи.

Смените пароли​

Постарайтесь сменить по-максимуму паролей, которые вы использовали в приложениях и браузере. После замены установите везде двухфакторную аутентификацию с привязкой к восстановленному телефону.

Верните свои данные​

Если до потери устройства вы включали на нем резервное копирование, то даже на полностью очищенном (и тем более новом) смартфоне можно будет восстановить все сведения, вплоть до SMS-сообщений.

Вот инструкции, как это сделать на Android и на iPhone.

Не расстраивайтесь​

Конечно, потеря смартфона — это серьезный стресс и угроза для ваших данных. Но если действовать четко, копировать данные и защищаться вовремя, можно обойтись минимальными жертвами. Не отчаивайтесь из-за кражи или утери гаджета, ведь главное — ваша личная безопасность.

Источник

 

[Матушкин Андрей Николаевич]

How my iPhone was stolen.​

Phishing, intrigue, investigation. And why I couldn't get my phone back with Find My iPhone.​

Russia, Moscow, in the midst of the FIFA World Cup. Five minutes after the start of the Russia - Spain match, right after I came to the bar to cheer for ours, my iPhone was stolen. And this story would be unremarkable and would not have got into this blog if it were not for the cunning tricks of scammers who got the hang of professionally stealing iPhones.

So, how it was:

• 17:00: The match starts.
• 17:01: I walk into a crowded bar in the center of Moscow hoping to find at least some free space, keeping my phone in my hands all the time - I had to tell my friend where I was so that she would come up to me.
• 17:07: my boyfriend asks me to call that very friend - and at that moment I realize that I have no phone.

At first, I tried to call my phone from another device - unsuccessfully: after a couple of seconds of ringing it was turned off. Then the realization came that my iPhone had been stolen. I have no idea how this could have happened: it seemed to me that I was holding the phone in my hands all the time, but, apparently, I put it in my pocket for a couple of minutes. Then I was looking for a security guard, got acquainted with the police representative who was on duty at the bar, and then I remembered: a stolen iPhone can be put into Lost Mode and tracked using the Find My iPhone app.

If someone steals your locked iPhone (on which you need to enter a pin code to turn it on), he can only demand a ransom for it or use it for spare parts. For an iPhone to be resold, it must first be unlocked. In the case of my iPhone X for this would need either my face , or a pin code, and after several unsuccessful attempts to unlock the iPhone, at first it does not allow you to try again for an hour, and then completely turns into a pumpkin - such is Apple's security system.

If you lose your iPhone, the aforementioned Find My iPhone application comes to the rescue, designed to find a lost or stolen phone. It is good because, firstly, the device can be immediately blocked and put into the lost mode - leave a message: “ This phone was lost. Please call me: number such and such " ... And secondly, you can see it on the map if it is turned on. We took advantage of this opportunity - what if the attacker wants to return the phone for a ransom, or will it be stupid to turn it on?

Phishing to steal your phone​

Then the most interesting thing began. An hour later, a message came to the number indicated in the loss report - like this:


ICloud-FMI Notice: Your iPhone X 64GB Space Gray was discovered on 07/01/18 at 17:54. The number of the SIM card has been determined. View iPhone geolocation by link. The latest location of your iPhone and information about the owner of the installed SIM card will be available within 24 hours. Copyright 2018 Apple Inc.
Take a closer look: does nothing bother you? In fact, a lot can be embarrassing: both the site address is unofficial, and the copyright is usually not written in SMS, and in general - why is it an SMS, and not a notification inside the Find My iPhone application? That is, this is phishing, but quite skillful. The attackers clearly know what they are doing: they send it exactly at the moment when the victim, most likely, takes some action to return the lost device, is nervous and is unable to think critically.

So it was with me. Yes, I work at Kaspersky Lab and am familiar with the word phishing. Yes, every day I write about various tricks and tricks of scammers. But at that moment I was nervous - and clung to any opportunity to find a phone, without thinking about what I was doing. At the moment when the ill-fated SMS came to the phone of my young man (his number was indicated as a contact), we were standing at the police station. The application had already been submitted, the police were ready to help us in any way they could. If they had information about the coordinates of the phone, the chances of getting it back would increase many times over!

Therefore, without thinking, I followed the link, saw the familiar iCloud interface and entered my credentials: login and password. Received a skip that the password does not work. She entered again - and again a miss. I clearly remembered the password, I could not make a mistake twice.

I switched to the Find My iPhone application, successfully entered it using my account - and ... did not see my phone in it. He just disappeared from the map and from the list of devices. And then I looked at the incoming message again and realized what had happened.

Using phishing SMS, scammers lured me to a fake iCloud website, where I entered my username and password for this service, in fact, giving them to the attackers. They received this data - and immediately turned off the device search function in my smartphone. They also got the opportunity to erase all information from my device via iCloud (for this, it is enough to enter the login and password from iCloud, which I just gave them). After going through the Hard Reset, they will have an almost pure iPhone X, for which they can set a new pin code and which can be resold at a high price at a flea market.

I changed the iCloud password as soon as possible, but it was too late. That's how I lost my phone and the ability to find it. According to Apple support, the Find My iPhone app is the only way to track a gadget, and if it's disabled, there is no hope.

What could have saved me?​

• Obviously, if I had not clicked on phishing links and entered data on phishing sites, this scheme would not have been possible. But, as my own practice shows, no one is immune from this: what I am aware of all sorts of deception methods - I still fell for it.
• And here is the inclusion two factor authentication for iCloud would save me even if I fell for phishing. I would give the scammers my username and password, but they would not be able to use them - they would need another device of mine to receive a two-factor authentication code. Moral: if you can enable two-factor authentication somewhere, be sure to enable it.

 

[Матушкин Андрей Николаевич]

How my iPhone was stolen, episode 2​

A new scam that unlinks a stolen iPhone from your Apple ID in order to sell it at a higher price.​

Almost a year ago we already wrote about how scammers can use classic phishing to untie a stolen iPhone from an account and subsequently sell it not as a "brick" for spare parts, but as a full-fledged used smartphone, which costs much more.

Last time, luck was on the side of the scammers, who managed to use phishing to extract the username and password they needed from iCloud. This time I will tell you about a more complex scheme for obtaining confidential data of the victim, as well as about Plan B, which, without exaggeration, can fall for almost all those who did not fall for Plan A.

Stage one: stealing an iPhone​

It all started corny: my colleague Anna forgot her phone on a sun lounger in a recreation area by the river. I returned after 20 minutes, but the phone was no longer there. No one around saw anything, and when you tried to call the number, it turned out that it was inaccessible. Anna, without delay, activated the lost mode from a friend's smartphone, where she indicated an additional phone number by which the finder could contact her.

A day later, when the hope for a call from the finder disappeared, and the phone, judging by the information from the Find iPhone application, remained turned off, she activated the mode of complete deletion of information.


The phone is still in the "Waiting for erasure" mode
This useful mode is needed in order to delete all information from the phone as soon as it connects to the Internet, and turn it into a "brick". But, apparently, the person who found the phone either turned out to be an expert himself, or, more likely, turned to “experts” specializing in unlinking Apple products from their owners' accounts. One way or another, since the moment of loss, the phone has not gone online for a second - accordingly, it was not possible to turn the iPhone into a “brick”.

By the way, although the device was protected by fingerprint recognition (Touch ID), access to Wi-Fi and mobile Internet could be disabled without unlocking the phone. To do this, it was enough to call the menu on the lock screen " Control point »Swipe upwards and turn on airplane mode.


By default, Control Center is available on the lock screen
For two days, the phone's SIM card continued to work, and the fraudsters had time to use it and find out Anna's phone number. On the third day, the old SIM card was blocked, a new one with the same number was released, and Anna inserted it into the new phone.

Stage two: phishing SMS​

On the fourth day, the scammers began work to bring the stolen iPhone into a marketable state and launched a standard scheme to unlink the Apple ID account. First, they made several calls from a phone number allegedly from the United States, while trying to pick up the phone and talk on the other end there was silence.


Verification calls from scammers. Number spoofing is easily done using IP telephony
All this was done to make sure that the SIM card was restored, the number is active again and you can work with it. Immediately after the last call, Anna received an SMS that her phone went online and was discovered.


Phishing message that the lost iPhone went online
The scammers have been very creative in creating a phishing message. In order for Anna not to recognize the deception, they sent a message from the service, where you can replace the sender. They also registered a domain very similar to the real one. If you enter the address manually, you will be taken to a non-existent page. And when you click on the link, you are redirected to a phishing site. What's the secret?

The fact is that the ic l oud.co.com really exists and belongs to Apple, but in fact, it is not he who is registered in the SMS, but ic i oud.co.com, only the i, written in uppercase, looks like a small L. After clicking on the phishing link, a redirect occurred, and Anna got to a well-made phishing page offering to enter the Apple ID and then the password to find the missing phone. On this page, an attentive and tech-savvy person will notice that the website address has changed and the data is not sent to Apple at all.


This is what a phishing page looks like if you open it in a mobile browser
Interestingly, the page looks different depending on what device and through which browser you visit it. Most likely, cybercriminals use this site for different phishing schemes tailored for different platforms.


Desktop version of the same phishing page
Anna did not fill out the phishing form, as she immediately realized that the service was not real. In addition, in the Find iPhone application, the phone has remained offline and has not been online since the moment of the abduction.

It could have ended there, but by not unlinking the phone, the scammers are losing too much in resale value. So they used plan B.

 

[Матушкин Андрей Николаевич]

Stage three: call a "friend"​

Three hours after the phishing message arrived, when it became clear that Anna would not enter her data, she received a voice call. The caller introduced himself as an employee of the service center, named the exact model and color of the phone, and then asked if she had lost it. He further said that he had the phone at the moment, and in order to pick it up, he had to come to the Mitinsky radio market.

Anna said that a phishing attack had been carried out a couple of hours ago, and began asking reasonable questions: how did the caller get the phone, where he got her number and was he a fraud. To this the stranger sternly replied: "If you don't need a phone, you don't have to come." And then he added that suspicious people brought the phone to the service center, that the center's specialists checked it in the database and saw that it was listed as missing. In the same (magic, not otherwise) base, the hostess's phone number was indicated, and she has an hour until they return for the device.

Let's pause to explain a couple of technical details. To understand that the phone is listed as missing, you need to turn it on. Then it will display a notification of the loss with a phone number by which you can contact the owner. Anna did not indicate her number for communication, since her number at that moment was blocked, and the SIM card was reissued. Accordingly, her number could not get into any "base".
In addition, during the conversation, Anna checked whether her phone appeared on the network. Seeing that he never went online, she told the caller about this, to which he thoughtfully said that, perhaps, they had already managed to change the Apple ID. If we put aside emotions and psychological pressure, even at this moment it would be possible to understand that the caller is a fraud. But back to how events developed further.

So, then the employee of the service center said that they had no right to detain customers and would give the phone back on demand. They also asked to call and warn if it would not be possible to get to the market in an hour. They also asked to take a phone box and a passport with you. The trick worked - Anna took friends for safety net, called a taxi and rushed for the phone. The road to the market was thirty minutes, and she was not afraid to be late.

After some time, already on the way, Anna called the "service center employee" again to find out how things were going there. He asked to open the Find iPhone application and began asking many questions about what she sees there, what color is the ball next to the phone icon, and simply spoke his teeth, depicting violent activity.

When Anna said that she was arriving, he asked her to go into the cloud again and check if the device had appeared there, and then asked her to press the “delete” button so that when the warning message appeared, Anna said what exactly it says - “ attached "or" associated ". Anna pressed the button, saw the warning and said that it says "associated". The “employee of the service center” happily said that everything is clear: the phone was untied from the cloud, and in order to re-bind it, you must click on the confirmation of the deletion, and then it will reconnect.


Never remove your stolen iPhone from Find My iPhone!
Anna, of course, did not do this - despite the stressful situation, she remembered that under no circumstances should the phone be unlinked from her account. Therefore, she said that she would sort it out on the spot upon arrival.

A few minutes later, the scammer called again and used the most effective social engineering trick known to him - he put the victim into a state of panic and a limited time limit, claiming that they had come for the phone and had to decide here and now.

In the background there was a characteristic sound of a public place, noise and voices asking "how is it there", while the fraudster himself, answering them "yes, guys, just a couple more minutes", continued to insist on removing the phone from the cloud. Anna said that she was already approaching and that she had called the police, and they were on their way. To which he assured that he would give them all the data from the cameras, but he gave the phone to the clients and could no longer delay them.

Of course, upon arrival at the Mitinsky radio market, Anna did not find pavilion 51. Moreover, later the local district police officer assured her that such a pavilion does not exist and that this is a common story - the scammers in their legend for the owners of lost and stolen iPhones do not even change the pavilion number. Then the district police officer told the whole scheme in detail, exactly as it happened with Anna.

After that, the scammers did not get in touch, but phishing messages arrived for another four days. Apparently, the scammers continued to hope that Anna would still give up and enter the password.


Phishing messages continued to arrive for a while
As a result, Anna was unable to get her iPhone back. But she never succumbed to the tricks of the scammers: the phone remained tied to her Apple ID with the full deletion mode activated - the first time it was connected to the Internet, it would turn into a “brick”. So selling it as a full-fledged iPhone will not work, the thief will have to sell it for parts.

What to do if iPhone is lost or stolen​

In conclusion, some tips on how to behave if your iPhone is lost or stolen.

• Most importantly, turn on Lost Mode in Find My iPhone as soon as possible.
• Do not forget to apply to the operator to block the SIM card. Especially if you did not specifically protect it with a PIN code (as a rule, by default, the PIN is either disabled, or something simple, like 0000).
• As soon as it becomes clear that the phone will not be returned to you, activate the information deletion mode.
• SMS and even more so voice calls can be faked. If the information from the messages does not match the picture that you see in the Find iPhone application, this is a sign that they are trying to "cheat" you.
• Messages from the Find iPhone service are duplicated to your email. If there is nothing in the mail, then the SMS is most likely fraudulent.
• Do not enter your Apple ID and password on the page that you came to via the link from the SMS. Better to manually type in the address icloud.com , properly check that you have not sealed - and only then log in.
• Most likely, the scammers will try their best to rush you so that you have no time to think about inconsistencies. This is a standard trick - try not to give in and stay calm.
• And in any case, do not remove your phone from the Find iPhone application, no matter how scammers push you to do so.

Как у меня украли айфон, вторая серия

Новая мошенническая схема, с помощью которой украденный айфон отвязывают от вашего Apple ID, чтобы продать его подороже.

www.kaspersky.ru

 

[OldWhiteCat]

There is a WinAuth app. It is under Windows. This is the same 2FA as in the phone. For an ordinary peaceful life, an authenticator is not needed in the phone ... This is a helluva lot of greasy gift for a thief or someone who finds the phone

 

[Частный детектив. Армения. Ереван.]

Once my phone was stolen, I called my number, but the sim card was already broken and thrown away

 

[Частный детектив Донецк]

I did not know about all these ways to return. Thanks for the article)

 

[Zetetic]

Interesting article.

 

[Kiril Harchevnikov]

And you divided the article on the script) Which is good.

 

[David Mamedov]

I will now know what to do in such a situation.