How my mobile phone was stolen - and what I learned from it
Dr. Roman Zenner
E-Commerce Expert | Speaker | Author | Mentor - Open for collaborations: talks, podcasts, articles
About two weeks ago, something very strange happened to me. I was in my office just finishing my day, when a strange man suddenly stood next to me. (I'm renting a small office space which has a front door that was not locked at the time.) He was talking to me in what seemed to me to be Italian, he was quite agitated and tried to show me a newspaper clipping. I got up, tried to talk to him, while he was getting closer to my desk, apparently wanting to show me something on my notebook. Half a minute later he gave up and walked out. As I followed him, I could make out the word "train station", gave him directions and went back to my desk. It took me another two minutes to realize my private iPhone was gone. Typically, I keep my two mobile phones next to me along with my wallet - and one wasn't there anymore.
Holy crap. First thing I did was open up Apple's "find my device" feature, but apparently the phone had already been taken offline, so no luck there. I marked it as lost and activated the remote device deletion. Next thing was calling the police (I still had my second phone), who arrived about ten minutes later, asked me to describe the thief, took some data like the IMEI number of the stolen device (which I could still access via the aforementioned website) and promised to take "a look around". Next thing was calling my mobile service provider Telekom to get my SIM card locked (which was way too easy, nobody really asked me about proper identification).
About half an hour later I received the notification that my iPhone was now deleted, which felt reassuring. I knew that I had activated iCloud backup, I've got a strong Apple ID password along with 2FA for important services, so I felt relatively safe.
Next thing that happened was that my wife received strange-looking text messages from a US number on her mobile phone (see screenshot). They said something like "we found your phone, click this link to re-activate" and contained my name as well as the original specs of my device. The URL looked spammy, and sure enough when I opened the website, a very well-done copy of an Apple page appeared, ready to catch my credentials (which of course I didn't enter). A little while later, my wife received a few FaceTime calls which we didn't answer, and those calls and text messages were going on for a few days. I just learned a few days ago that my parents got strange calls on their landline, where an automated voice asked for my Apple ID.
The new SIM card arrived a few days later. I got myself a new iPhone from a local retailer, restored the iCloud backup and now I'm kind of back to normal again.
What was going on?
Of course, ever-curious me wanted to know what's going on. Apparently, without the proper Apple ID, you cannot just delete an iPhone and use it as a brand-new one, so this explains why this guy (this group) tried to get to my password so desperately. (I later read that if the credentials cannot be found, the stolen devices can only be sold as spare parts.) But how could they personalise their attacks? For one, my Apple ID email address contains both my first name and surname, so they had that. I imagine that from the model ID printed on the back of the device they could get to its specs, so they could send me a text like "here's your 256GB iPhone 11 Pro silver". They probably used a telephone directory, looked for my surname and found my parents' landline number. The only thing I'm still unsure about is how they got to my wife's mobile phone number. Strange. I'll have to go to the police tomorrow and testify once more - maybe I'll learn something new then.
Learnings?
Here are a few things I learned or will have to get better at in the future:
- I need to lock the office door.
- Using one device ecosystem (in this case Apple's) along with cloud backups, strong authentication and a remote deletion option can really give you peace of mind in these extreme cases.
- It's a good idea to have two separate phones - and to use the crappy phone for business purposes ;) So no work data were stolen at all, which was also reassuring. And I had a spare phone to make calls.
- The only thing I hadn't thought about was backing up my one-time passwords. I ran Google Authenticator on this device, and it's gone now. Fortunately I kept printed backup codes, so as far as I can see, I haven't lost access to any accounts. In the future I'll be using the Microsoft OTP app, which has cloud backup capabilities.
- I've been using 1Password as a password manager for quite some time now, creating strong and random passwords for important services. So even if folks are trying to get into those accounts with my email address, I'm pretty certain they won't be able to guess those passwords.
Overall, it really pays off to be a little paranoid about one's data. Pay a few Euros for decent apps, and create a safe workflow. And always think: what would I do if some random guy showed up and nicked this piece of technology that's with me all the time and contains all the stuff. Which brings me back to the beginning of my story.
At work and in my private life, I always try to assume positive intent. So maybe this guy was desperate and urgently needed the money to help someone else. And I feel privileged to be able to say that having to buy a new iPhone is not ruining me financially.
However, just showing up and intruding on my privacy like that? F** YOU!
Engineer at M.E Poston motors
1 year ago: Thanks for sharing, excuse my ignorance but why do you need a backup of one-time passwords, unless I am confusing the issue, surely these are as the name suggests only useable once? I use LastPass to generate and save my passwords. I am well aware we now use our phones for so much, it's only when they don't work or are lost / stolen that we realise how much of our life is on these devices.
Managing Director at Bedarf.de - The purchasing solution for the fitness industry
4 years ago: Is it possible that they have your wife's number from the emergency contacts (Notfallpass)?
Managing Director @ neowells GmbH
4 years ago: Thanks for sharing!!
Digitising Businesses @ Deschalet
4 years ago: You couldn't track your phone a few minutes later? I'm guessing he just turned the phone off? Or was the SIM card removed? I'm quite sure when you turn your iPhone off, that it shows the last location...
VP Product Management | Product Leadership | Product Strategy | Head of Product | CPO | Product Marketing | CMS | DXP | AI | e-Commerce
4 years ago: Well done with strong passwords in a password manager and 2FA/MFA. 1Password also offers multi-device MFA but you may be safer with a separate app. I am curious whether the police can find out more about the phishing attacks on you and your family.