What happens to your smartphone when it gets stolen?
I recently had my iPhone stolen while on a business trip in London and, through the wonders of Find My, have been able to track its journey in the past few weeks. I found it to be a fascinating insight to what appears to be a rather sophisticated phone theft operation and thought I'd share!
First, the theft.
I was walking to my office and ended up waiting at a crosswalk on Oxford Street. I suppose every tourist must learn the hard way not to do this... buuut I thought I'd reply to a text and pulled out my phone. Not even 30 seconds later (literally) someone on a bicycle zoomed by and snatched my phone straight out of my hands. By the time I had processed what had happened, the person was already 2 blocks down and I knew my phone was gone.
Clearly this thief was a pro at this. :(
Since I had iMessage open when my phone was stolen, my first panic was "oh shit my phone is unlocked." This meant they could poke around my photos, notes, text messages, Venmo, etc _if_ they kept my phone unlocked. 😬
I sprinted back to my hotel and pulled up Find My on my MacBook. I set my phone to Lost Mode and initiated a remote wipe and prayed it would go through. The Find My UI isn't particularly intuitive here, but looks like it went through a few minutes later.
(pro tip: enable Find My!)
I was able to track my phone on Find My and watched this person zoom all around London.
It was actually crazy how fine grain the tracking was actually, I watched them go all the way down Oxford Street, through several tube stops, circle around touristy areas a couple times, etc. Having a phone stolen is panic inducing but at least this was entertaining to see.
I assume they were snatching phones from folks as naive as I and I can't imagine how many phones they must have gathered.
Eventually they called it a night and ended up somewhere in Tottenham(?) which I presume is where they live. I stopped live tracking for the day as well.
I thought this was just some basic theft that would result in my phone getting sold on Facebook Marketplace and that would be that... but no it turned out to be far more sophisticated.
Second, the phishing text messages.
On the second day, every one of my emergency contacts received the following text message. I opened up the URL myself and it was a full blown Find My web UI phishing page, which I assume was trying to get my Apple ID password!
For context, if an iPhone is Find My enabled and remotely wiped, it cannot be reactivated without the original Apple ID login. So unless they have my Apple ID, my phone is a brick to them. This was a step up from what I was expecting.
I also noticed my phone had moved to a different location... which suggested this must be a coordinated theft operation. Guess this bike thief truly is a pro.
By this point I filed a police report, filed a business travel claim, and left it at that. I checked in every few days and my phone stayed in the exact same location so I assumed it had been scrapped for parts as they had not gotten my Apple ID login in over a week. But this morning...
