
Criminals Steal Passwords from Brazilians with Fake Apple Websites

TL;DR

A phishing scheme targets Brazilian iPhone users, using over 40 fraudulent domains to collect Apple ID credentials.

www.tecmundo.com.br • February 11, 2026

A phishing scheme targets Brazilian iPhone users, using more than 40 fraudulent domains to collect Apple ID credentials. The operation targets victims of mobile phone theft or robbery, quickly contacting them after the crime with messages that mimic official Apple communications.

According to an investigation by the TecMundo website, the criminal action begins as soon as the phone is stolen. The scammers manage to obtain the victim's phone number, possibly through information extracted from the device itself or its SIM cards.

Next, the victim receives a message presented as a "Virtual Assistant" from Apple, offering an "immediate pickup" procedure for the device. The message contains instructions to access a fraudulent website, stating:

  • "Virtual Assistant

    Dear Customer,
    To proceed with the immediate pickup procedure, access [the website] and follow the instructions.

    NOTE: To complete the immediate pickup of the device, a Photo ID or Device Receipt is required."

The link leads to a deceptive page that pretends to be the official iCloud site, simulating that the iPhone has been found and is available for pickup.

Smart Redirect Scam

The technical sophistication of this scam makes it dangerous. If the user has lost their password, the fraudulent site redirects them to Apple's official password recovery page. This creates a false sense of security, making the victim believe they are interacting with legitimate sites.

Moreover, these fraudulent pages include links to Apple's user manual, further increasing their credibility.

More than 40 domains related to this campaign have already been identified, all following patterns that mix common terms to appear more legitimate, such as "whatsapp", "support", "icloud", and "brazil".
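
The naming pattern described above can be turned into a triage check for links that users report. The sketch below is an added example, not code from TecMundo or the original investigation; the function names, the two-term threshold and the `.example` sample hosts are assumptions constructed for illustration, while the trusted suffixes correspond to the Apple hosts the article itself names.

```python
from urllib.parse import urlsplit

# Terms the article says the campaign's domains mix together.
CAMPAIGN_TERMS = ("whatsapp", "support", "icloud", "brazil")
# Registered domains of the legitimate hosts the article names
# (iCloud.com/find and appleid.apple.com).
LEGIT_SUFFIXES = ("apple.com", "icloud.com")


def hostname_of(url_or_host):
    """Return the lower-cased hostname of a URL or bare host, '' if none."""
    text = url_or_host.strip().lower()
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare host as a netloc
    # .hostname drops any user:password@ prefix and the port.
    return (urlsplit(text).hostname or "").rstrip(".")


def is_legit(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)


def classify(url_or_host, threshold=2):
    """Return (verdict, matched_terms) for one reported link.

    threshold is an assumed tuning value: how many campaign terms must
    appear in the hostname before the link is flagged.
    """
    host = hostname_of(url_or_host)
    if is_legit(host):
        return "legitimate", []
    terms = [t for t in CAMPAIGN_TERMS if t in host]
    verdict = "suspicious" if len(terms) >= threshold else "unknown"
    return verdict, terms


# Constructed sample links (reserved .example TLD), not real campaign domains.
SAMPLES = [
    "https://www.icloud.com/find",
    "appleid.apple.com",
    "http://icloud-support-brazil.example/login",
    "https://icloud.com@whatsapp-support.example/",  # trusted name only in userinfo
    "https://icloud.com.find-brazil.example/",       # trusted name as a subdomain label
    "https://notapple.com/support",                  # term in path, not in host
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", classify(link))
```

A "suspicious" verdict marks a link for analyst review rather than automatic blocking, since substring matching will also flag unrelated hosts that happen to contain two of the terms.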

How Scammers Profit

Apple's Activation Lock is difficult to break directly. Therefore, criminals resort to social engineering to obtain their victims' accounts.

Once they have the Apple ID and password, the scammers can disable Activation Lock and resell the stolen iPhone. The damage goes beyond that: they gain access to iCloud backups, including photos, messages, personal documents, and banking information, and could potentially even commit identity fraud.

Campaign Targeted at Brazil

All elements of the operation have been adapted to the Brazilian context. The messages are in Portuguese, the domains mention Brazil, and they make references to WhatsApp. They also request specific documents required by local legislation, such as the purchase invoice.

The timing of the messages is coordinated, as they arrive shortly after the theft, taking advantage of the victim's emotional state of vulnerability and desperation.

Tips for Protection

To protect yourself from this type of scam, some precautions are recommended:

  • Apple does not contact customers via WhatsApp or SMS offering "immediate pickups" of devices;
  • In case of theft, do not click on links received via message;
  • The legitimate way to activate Lost Mode is to access iCloud.com/find directly in a browser or through the “Find” app on another Apple device.

Additionally, devices can be configured to avoid problems in case of theft:

  • Enable two-factor authentication in Settings > [your name] > Password & Security, making access difficult even if the password is compromised;
  • Enable the SIM PIN in Settings > Cellular > SIM PIN to prevent criminals from accessing your number;
  • Note your IMEI by dialing *#06# and keep it safe for reporting purposes;
  • After a theft, immediately change your Apple ID password by accessing appleid.apple.com directly in a browser;
  • File a police report, even if you don't recover the device, as it is important to block the IMEI.

Content selected and edited with AI assistance. Original sources referenced above.

Sources

www.tecmundo.com.br

Primary
https://www.tecmundo.com.br/seguranca/410652-mais-de-40-sites-falsos-da-apple-roubam-senhas-de-brasileiros-vitimas-de-assalto.htm

Feb 11, 2026
