Xrfgtjtk

My iPhone was stolen a couple of weeks ago and I started receiving the following messages on my recovery secondary number that I provided with Find My iPhone:

The URLs are:

• https://apple.inc-view.us/?auth=3455


• https://apple.inc-locate.us/verify.php?ID=&auth=325&vr=

And they mimic the interface of Find My iPhone where they're asking me for my Apple ID credentials. I logged into Apple ID and the phone hasn't registered since it was stolen.

Wondering if there's something I can do to track them down or be mean to them.

Offensive defense is the type of attack you are looking to perform. You have been the victim of a technological crime, you are the target of a phishing campaign, and you want to get even. This is a very normal response and I can tell you that many organizations, governments, and individuals attempt this on their own daily. There is a major issue with any type of non-legal recourse, however.

Due to the anonymity of the internet, and the relative ease of using a botnet to do malicious activity, it can be really difficult to assure that you only hurt the people you intend to hurt. In attacking an individual through a network relay, you may end up shutting down your own grand mother's computer which is less than ideal and totally irrelevant to the initial attackers. The only truly legal recourse is to co-ordinate with your local authorities and attempt to gain information back on the attackers.

If you can glean any information from your cowardly attackers that may indicate name or location you can use this to work with the authorities. Also, if the phone is on, you can still attempt to use the "Find My Phone" feature to track down it's current location alongside the proper authorities (I do not recommend confronting thieves on your own or without legal support).

In the end, it really sucks that you're in this position and I have compassion for you. Know that your options are limited, but do take advantage of the ones you can so you have the peace of mind knowing you did all you could legally do. That will be far better than putting your self in the position of risking jail time over a device.

I've just checked on Whois.us. Both domains are registered to the same person, with a stated address in London.

Try talking to the internet fraud team from your local police. Chances are they're overworked, but if they've got some free time then they may be able to go to TLDsolutions.com and trace the payments. For most countries this would be a dead loss, but US ISPs have to keep records and play nicely with police requests. So they may have screwed up by using a .us domain.

Call the police and sue them in court! That will show them you can be mean. Moreover, it will be legal and you will stay out of trouble.

The attackers are skilled enough to not enable the phone and to set up a fake Find My iPhone site. This clearly shows they understand fairly well how the iPhones security features work and are trying to trick you into revealing the credentials that will let them get around those.

Unless you are highly skilled yourself, they probably have the upper hand in this. The fact that they reach out to you like that shows they are willing to take a (small) risk to get your credentials, so your best bet is to not give them what they want. It is unlikely that you will find a trick that they didn't anticipate, and more likely that in trying you would give them information they can use.

You should get the IMEI blacklisted, if you haven't yet. This is the best effort to make the phone useless for the thieves. With any luck, they'll ditch it somewhere, someone else finds it and turns it on, and it will show up on Find My iPhone.

This message is coming from an 'abundance of caution' so that you understand that you may be engaging in something that may be dangerous (organized / violent criminals). The other postings indicate that the messages are from reasonably sophisticated thieves that are fishing for your info.

Escalating ("being mean") is potentially dangerous unless you are sure you understand who 1) stole and 2) has custody of your phone. There is a non-zero chance that they know who you are, since it is your phone. The phone may have been transferred to dangerous criminals. If you know someone at GCHQ, maybe they could take it on as a pet project.

It is understandable that you would like to get your phone back and even a little karma payback: your safer bet is to work with the authorities: just make it easy for the authority to catch the thief.

Something you could do is to pretend to give them what they want. Go to their site and enter some fake credentials. They might grab those and try them on your phone or on a computer, which might reveal some information about them, like time and IP address of a failed log in attempt, maybe even location of the device.

Just be extra careful (isolated browser (in a virtual machine), plug-ins disabled, security settings to maximum, anti virus on-access scan enabled,...) when visiting their site to not fall victim to other malware they may be trying to push to you. (Not very nice, but you could use an internet cafe's computer for that. In the worst case, this computer gets infected, but since there's no personal data on it it's not a very big deal to just scrub it and put a fresh image on it; which they might do routinely anyway.)