An ABC7 I-Team Investigation
A new elaborate scam can victimize smartphone users multiple times. First they snatch the smartphone, then users are fooled into clicking on a fake link.
It starts with a simple crime: a stolen smartphone. But it's not just the expensive device that the thieves want.
The thieves then pass your phone on to high-tech hackers, experts say. Then, they scam you again by sending you a link saying your phone has been found.
"There are two parts to it," said Andrew Hoog, of NowSecure in Oak Park. "There is the criminal organization that's capable of stealing iPhones, this is basically your strong arm. They've got people on the streets that will mug you and take your phone."
Once the phone gets into the hands of hackers they use special websites to figure out the device's phone number.
Then you get a text message, either on your new phone or on another device synced to the cloud.
"And you can from this text message that the attackers already know a lot about this individual's phone. They know it is an iPhone 7, they know the name on the account," Hoog said.
The text says your smartphone has been located and all you have to do is click on a link and enter your Apple ID and password.
The problem? That link is not really from Apple.
"I see the little blue underline, I've read the message, I lost my iPhone, I'm getting excited, on the phone it looks like Apple's website, it feels like Apple's website. I'm almost there. I'm at the finish line, let me type in my user name and password and recover my phone," Hoog said.
Hoog said it's an elaborate scheme known as targeted phishing.
Smartphone users are victimized twice, if not more because then they can take everything learned about the user and perpetrate more attacks, Hoog said.
He said the scheme can be carried out using many brands of smartphones and that thieves now need to use this secondary phishing step to make the theft worthwhile.
"The reason they want to do this is if you steal an I phone and it is locked it is very difficult to sell that in the market because apple has put in a lot of security that makes it difficult to go out there and re use it," Hoog said. "If you can convince somebody to give you their iCloud user name and password. They can unlock the device, wipe it and sell it for more money on the black market."
The Chicago Police Department would not disclose recent smartphone theft figures, telling the I-TEAM to file a Freedom of Information Act request. The I-Team submitted one and have not yet heard back.
In February 2014, detectives told us the problem was skyrocketing and that 90 percent of the stolen phones were resold for $2,000 a piece in Hong Kong.
So how do people keep their smartphones safe?
"Just keep it on me at all times so I know it is close to me," Tara Patterson said. "It's always in my backpack."
"So I charge it when I sit down and I'd be lying if I, if every time someone doesn't come within in 10 foot, I don't make sure it's not snagable," said Nicholas Kelley.
But if a smartphone does get stolen or lost, users can protect themselves from targeted phishing scam by keeping a few tips in mind:
-Go to real sites, on your own, to track your device.
-Be suspicious of any inbound link that asks for your information.
-Most legitimate companies like Apple and Google will not send you a link and ask you to enter personal information.
Report a typo to the ABC13 staff