Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Threat Management, Malware, Phishing, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Phishing kits meet $2,100 second hand iPhones on black market, study

As Americans begin to worry more about cybercrime than the conventional kind, researchers warn users to remain cautious of both, as stolen iPhones are so valuable in criminal circles that they can go for as much as $2,100 in some countries. 

While a Gallup study found more Americans worry about hackers stealing their personal information and identity theft than having their vehicle stolen, new research by Trend Micro suggests Americans may want to reprioritize their fears as cybercriminals have found a new use for swiped iPhones.

However, the bad guys are not interested in just obtaining an overpriced smartphone, but instead have in place an elaborate scam that will have the phone's former owner willingly giving up all the information needed to not only unlock the phone, but give the criminals access to their iCloud account.

The researchers followed the business of selling stolen Apple devices and found an elaborate network of phishing scam kits, black market vendors and hacking tools used to resell the devices across the globe.

Last year alone 23,000 phones were stolen from the Miami International Airport and the demand for these devices is staggering with even long out of date stolen iPhones going for as much as $2,100 in Eastern European countries, according to a Nov 14 report. At retail Apple's most expensive phone costs $1,149 for the flagship iPhone X with 256 GB of storage in the U.S. to put the markups in perspective.

Cybercriminals are stealing the phones, waiting for victims to activate the Find My iPhone services and then sending a phishing email designed to spoof an Apple notification prompting the victim to log in to their iCloud accounts. The thieves then use this information to log into the victim's account and unlock the stolen device so that it can be reused and resold.

Researchers found that thieves will often contract with third-party phishing services to unlock the devices and that they were using tools including MagicApp, Applekit, and Find My iPhone (FMI.php) framework to automate iCloud unlocks.

Many of the providers also offer additional resale services and rent out servers for sending phishing messages. The phishing kits are actively advertised on social media and include full tutorials on how to use them.

Some of the services offer the attackers email notifications which included the victim's IP, HTTP referral, browser user-agent and other information. Kits were also spotted with anti-crawler and AV scanner capabilities.

To combat these threats, the researchers said users should always apply best practices when securing their mobile devices, enable two factor authentication on iCloud accounts, and set up or enable the device's internal security features.

Users should also frequently back up their data to mitigate the impact of a device loss and report device's loss or theft to your carrier to deter fraudsters from reusing it. To combat phishing threats, researchers recommend users beware of unsolicited emails requesting iCloud and Apple ID credentials.

Those purchasing second hands phones should also do their due diligence.

“Do your research: if purchasing a secondhand device, verify with the vendor or carrier that they're not blacklisted,” researchers said in the report. “The Cellular Telecommunications Industry Association (CTIA) created a website that verifies the IMEI to help customers and law enforcement check if an iPhone has been blacklisted or stolen.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.