After his iPhone was stolen on a vacation in Italy, Joonas Kiminki immediately set about trying to get it back. When he called the number, he found the phone was shut off. For security, he had set up the device to email him if the thief ever turned it back on, he explains in a post on Hackernoon. He figured he was out the cost of a phone, but since the phone and its data were all linked to his iCloud, at least his information was secure. (And the thief was now in possession of a useless device.)
Then, more than a week later, Kiminki got an email notifying him that the phone had been found. The email appeared to come from Apple and looked just like what you’d expect to receive from the company, right down to the 1 Infinite Loop address at the bottom. Kiminki says he followed the email to a portal, which, again, looked just like iCloud, to input his user information to log in and find the phone.
Luckily, Kiminki works in the tech trade by day, so the website raised a few red flags for him. The URL, show-location-iphone.com, seemed sketchy. And even more worrying, the site was not encrypted. (There was no green lock icon at the top of his screen, like you’d see on a real Apple page.) “I’m pretty sure many people would have just punched in their apple id and password and only then wondered why the login doesn’t work,” he explains in his post. After digging further, he found that the email was actually sent by someone in Nassau. Who probably, definitely, wasn’t working for Apple.
Moral of the story: If you lose your iPhone and Apple notifies you it has been found, double-check to make sure the message is actually from Apple. And not just some random dude sending scam emails from a basement. (Okay, I made the basement part up, but it’s probably true.)