Someone tells you their iPhone is compromised, and money is stolen from their financial applications. You probably expect them to say they were hacked.

Unfortunately, a wave of people are reporting instances where their iPhone is physically stolen from them, and in turn, the criminals can access the contents of the device, reset passwords, and drain bank accounts and crypto wallets.

These malicious actors do so by learning the target’s passcode, using an assortment of tricks to obtain the numerical code.

This blog post explains how these crimes work, what you can do to protect your devices, and the steps you should take if your iPhone is stolen.

 

Criminals Get the Passcode Either Through Trust or Force

This crime often plays out at social gatherings. For example, a malicious actor befriends their target at a bar. After establishing a connection with the target, they ask them to take a picture or open an app.

Their real aim is to watch the target enter the passcode to their device. They may try a couple of times before they finally memorize the passcode. Or, they may “accidentally” turn off the iPhone, which would require the target to enter the passcode to open the device.

In more serious cases, the criminal may threaten the target into turning over the passcode and the device. Some victims are sadly drugged and do not remember what happened to them or their phone.

Either way, once the criminal knows the passcode, they then try to steal the iPhone. Now equipped with the passcode, the criminal can open the device and change the Apple ID password, reset trusted phone numbers and email accounts, and turn off the Find My iPhone feature.

The criminal can now access payment apps such as Venmo, use Apple Pay, and find bank app passwords stored in the iCloud Keychain.

Victims can lose large amounts of money in a very short period, and getting the money back can be incredibly challenging.

It’s a crime that can greatly harm victims financially, emotionally, and, in the more severe cases, physically. That’s why you should take the proper precautions to lock down your iPhone as soon as possible.

 

What to Do to Protect Your iPhone

Here are some proactive steps you can take to guard yourself against this crime:

  1. Make sure your accounts are protected with strong, unique passwords and passphrases, and enable biometric authentication whenever possible. Even with the passcode, criminals may be locked out if they can’t scan your face.
  2. Enable dual-factor authentication. Do not use SMS text messages as your second authentication method. Authenticator apps and physical security keys are more secure.
  3. Adjust various settings to lock down your iPhone. Limit what anyone can access from the lock screen: disable access to the notification center, and ensure that no one can access your Apple Wallet or return calls. Be sure to activate Lock Screen widgets and turn on the feature that erases your data after 10 failed passcode attempts.
  4. Activate the “Find My” feature under Settings and Apple ID.
  5. Regularly back up your iPhone.
  6. Take a screenshot of your applications to keep track of them.

 

How to Handle the Aftermath If You Fall Victim

Taking the steps mentioned above is a great way to lock down your iPhone, but unfortunately, we can never know when the worst may happen.

Should you fall victim to this crime, follow these steps to react quickly and minimize the harm you may face:

  1. Using the “Find My” feature, locate, lock, and remotely wipe your device.
  2. Go to the Apple website and access iCloud/iTunes. Detach your accounts from the stolen device.
  3. Contact your cellular provider and inform them of the theft to restrict service.
  4. Force log out from your primary email accounts and financial platforms.
  5. Disconnect the stolen device from all internet of things devices and accounts.
  6. If you are using an encrypted password vault, such as 1Password, ensure it’s logged out from the stolen device.
  7. Notify close relatives or friends about the situation. Advise them against calling the stolen number and caution them about answering any unfamiliar messages or calls.
  8. Reset passwords and enable dual-factor authentication on essential accounts, including financial, email, social media, healthcare, and internet of things devices. Make sure you do this using a new and secure device.

And as always, report the crime to law enforcement and act quickly. Recovering stolen funds can be incredibly difficult, and the longer you wait, the less likely it’ll be for you to get your money back.