What happens to your smartphone when it gets stolen?
I recently had my iPhone stolen while on a business trip in London and, through the wonders of Find My, have been able to track its journey in the past few weeks. I found it to be a fascinating insight to what appears to be a rather sophisticated phone theft operation and thought I'd share!
First, the theft.
I was walking to my office and ended up waiting at a crosswalk on Oxford Street. I suppose every tourist must learn the hard way not to do this... buuut I thought I'd reply to a text and pulled out my phone. Not even 30 seconds later (literally) someone on a bicycle zoomed by and snatched my phone straight out of my hands. By the time I had processed what had happened, the person was already 2 blocks down and I knew my phone was gone.
Clearly this thief was a pro at this. :(
Since I had iMessage open when my phone was stolen, my first panic was "oh shit my phone is unlocked." This meant they could poke around my photos, notes, text messages, Venmo, etc _if_ they kept my phone unlocked. 😬
I sprinted back to my hotel and pulled up Find My on my MacBook. I set my phone to Lost Mode and initiated a remote wipe and prayed it would go through. The Find My UI isn't particularly intuitive here, but looks like it went through a few minutes later.
(pro tip: enable Find My!)
I was able to track my phone on Find My and watched this person zoom all around London.
It was actually crazy how fine grain the tracking was actually, I watched them go all the way down Oxford Street, through several tube stops, circle around touristy areas a couple times, etc. Having a phone stolen is panic inducing but at least this was entertaining to see.
I assume they were snatching phones from folks as naive as I and I can't imagine how many phones they must have gathered.
Eventually they called it a night and ended up somewhere in Tottenham(?) which I presume is where they live. I stopped live tracking for the day as well.
I thought this was just some basic theft that would result in my phone getting sold on Facebook Marketplace and that would be that... but no it turned out to be far more sophisticated.
Second, the phishing text messages.
On the second day, every one of my emergency contacts received the following text message. I opened up the URL myself and it was a full blown Find My web UI phishing page, which I assume was trying to get my Apple ID password!
For context, if an iPhone is Find My enabled and remotely wiped, it cannot be reactivated without the original Apple ID login. So unless they have my Apple ID, my phone is a brick to them. This was a step up from what I was expecting.
I also noticed my phone had moved to a different location... which suggested this must be a coordinated theft operation. Guess this bike thief truly is a pro.
By this point I filed a police report, filed a business travel claim, and left it at that. I checked in every few days and my phone stayed in the exact same location so I assumed it had been scrapped for parts as they had not gotten my Apple ID login in over a week. But this morning...
Third, my phone's in China...?
It's been over a month and I had long assumed my phone was scrapped. But this morning I got an email saying the Activation Lock on my stolen phone was requesting my password. Huh?
I opened up Find My to see where my phone was and... it's in Shenzhen, China? Wild. I assume this is where they must finally get to scrapping my phone (unless, god forbid, they have some way to crack the activation lock).
I initially thought this was some basic theft where my phone gets resold as a brick to some poor soul on Facebook Marketplace... but nope, it was way more sophisticated than that with a full blown phishing attempt (using a US number too when my phone was stolen in London!!) and a final ship off to China.
As of now, these are the latest updates on my phone. Will reply with any updates if I see them. :)
but some pro tips:
1. Enable Find My on your devices because if your device gets stolen you will sure as hell want to remotely wipe it.
2. If you're traveling, ensure you have a way to access Find My from your hotel. This could be a laptop or iPad you leave at the hotel.
3. Be wary of who you list as your emergency contacts as it appears a thief can view them even if your phone is put in Lost Mode.
4. Be wary of any text messages you receive after your phone is stolen.
5. Do not make your phone (or anything really) a single point of failure while traveling. I normally use my phone as my hotel key and thank god I had brought my physical key card with me that day else I could not have gotten to my laptop as fast. For me, every minute my phone stayed “unlocked” meant another minute for the thief to do damage.
6. Don’t text while waiting at a crosswalk in London I guess. :)