Elwin Loomis

Mugging


"Give me your passcode"
he said, one hand holding the gun.
Waiting, the other held my friend's iPhone.

Less than 1 hour later, my friend arrived at my home.
No problem, get into his iCloud, use Find My and disable the device.

But his Apple ID had been compromised.
With the physical phone/passcode, the thieves changed the iCloud password, and logged his iPad out of his account.

We called Apple. Without the CCID of a credit card on his Apple account, all devices logged out, and the physical mobile number compromised for secondary authentication, there was nothing they could do other than lock his account for several days. Which we did.

We contacted AT&T and disabled his number/EIN. We changed all passwords, we called his credit cards, we called the credit reporting agencies to put a fraud lock.

The surprising thing in this instance was that the thief demanded the passcode at gunpoint, which allowed them to start the process of identity theft.
The object was not the phone.

A number of things we did in the first hour contained some of the blast radius.

What would happen if this happened to you?
I kept this short so it would fit in a post,
I am hoping your comments here will add more.


Prior to theft:
  • Set up a trusted friend as an iCloud recovery contact: https://apple.co/3oxErbf
  • Make sure Find My is on in iCloud, so you can erase and lock the device.
  • Have a list of contacts for these companies: the 3 credit reporting agencies, your credit card companies, your mobile carrier, your financial institutions.
  • Note the CCID and credit cards on your Apple account.
  • Have an extra SIM and maybe an old phone.
  • Use a password manager (I use 1Password)
  • If you use 3rd party MFA authenticators, make sure you understand how to deregister a device without access to that device.

After theft:
  • Turn on Lost Mode in Find My on iCloud if you can. If you lost your account to the thief, reset it using your recovery contact; otherwise call Apple to completely lock the account.
  • Suspend and lock your account with your cell carrier. If you have an old SIM and phone, contact your carrier to possibly move your number to this new SIM. You don’t want the old phone able to receive text messages (i.e. SMS second factor) any more.
  • Deactivate the device from 3rd party MFA authenticators, 1Password etc.
  • Change all passwords on financial institutions, mobile carrier,
  • Contact your credit card companies: consider a fraud lock, and check pending transactions.
  • Contact the 3 credit reporting agencies to add a fraud lock.

Thoughts?

Original LinkedIn post: https://bit.ly/3qX1YoX
(Worth clicking on the original LinkedIn post, because the comments are amazing and often the conversation is better than the original post.)