Criminals Use Phishing Tactics to Obtain iCloud Credentials of Stolen Apple Devices

Profit-motivated criminals attempting to resell lost and stolen Apple devices on the black market are using social engineering techniques such as phishing and SMiShing (SMS phishing) to target the former device owners and obtain their iCloud credentials. The specially-crafted phishing emails and text messages are designed to appear as though they originated from an Apple representative and include wording that suggests the victim’s lost or stolen device had been located and that the victim’s iCloud login credentials are needed by the representative before the device can be returned. If the victim responds with the credentials, the criminals use them to unlock the device and restore it to factory settings in order to resell it to a new buyer. The ability to unlock Apple devices is in such high demand that hackers have begun offering iCloud fraud “as a service” to stolen device dealers. This service includes various tools such as MagicApp, Applekit, and Find My iPhone to automate phishing campaigns and unlock iCloud accounts. The NJCCIC recommends all Apple device users review the Trend Micro report and maintain awareness of this and similar social engineering tactics used to obtain sensitive information. Never divulge any account login credentials in response to an email or SMS request and have two-factor authentication (2FA) enabled on every account that offers it. If you have questions or concerns regarding any of your accounts, follow the instructions provided on the associated company’s website to contact an official representative.