Home » Blog

The Stolen iPhone Playbook

Davis Keene·November 13, 2023

A Sunday in Manhattan

It was a Sunday morning around 3am, in the bustling streets of Manhattan's Lower East Side. I was there, waiting for a bus with a friend, just two weeks after moving to NYC. While meandering on the corner of Delancey and Allen, two young men approached us and struck up a conversation, asking about a good place for pizza. We talked for a few minutes and then casually, they asked to use my phone to add me on social media. In that fleeting moment of trust, my iPhone was snatched. It all happened in a blur: they ran, jumped into a car, and sped off. There I was, standing in disbelief, my digital lifeline gone.

Don't give your phone to strangers. Ever.

Stunned, I called the police, filed a report at the scene, and went home to sleep, hoping it was all a bad dream. I was honestly feeling pretty relieved that neither my friend nor I were hurt in the process. I'll take care of this in the morning, I thought to myself. A stolen iPhone is a few hundred dollars down the drain, but it can't get much worse than this.

I was dead wrong. By morning, I woke up to go to my laptop, and realized my email was flooded with notifications of fraudulent activity. My iCloud passcode changed, a recovery key added, my banking apps compromised. They had sold off my crypto assets on Coinbase and Cash App, made purchases on Uber Eats, and, to my horror, created an Apple Card under my name. Panic began to set in as I realized something crucial: they must have seen me unlock my phone using my passcode, giving them unfettered access into my personal information. My phone, once a safe haven, had become an open book.

I don't know for certain, but they likely found my social security number in an email about apartment applications. Do a search for your social security number in your email, notes app, and anywhere else you store sensitive data and documents.

Sunday morning was a race against time. Banks were closed, and I had no choice but to trigger multiple failed login attempts to lock my accounts until I could call to disable them on Monday. I reached out to Apple support in a desperate attempt to regain access to my iCloud account, but to no avail. The Recovery Key that was placed on my account locked me out in a way that not even Apple could bypass. I then had to call AT&T to brick the device, trying anything to stop the damage.

If a Recovery Key is placed on your iCloud account, Apple cannot send you a password reset link until that code is entered into their system. It's a good idea to set this Recovery Key yourself and store it somewhere outside of the context of your iCloud account. Even if you lose it, at least other perpetrators won't be able to change your account information.

By the time I was able to stop the perps from causing any more trouble (a mere 6 hours after the robbery had taken place), I was charged around $12,000 in fraudulent charges, most of which, thankfully, were forgiven days or weeks later. The thieves had exploited my Face ID passcode override to access my banking apps and iCloud keychain. Fortunately, they hadn't tampered with my Google account, which was a small relief amidst the chaos. I spent the rest of the morning, and the remaining days that followed, changing my online account information, cancelling and issuing new credit cards, and talking with the FTC about identity theft prevention and remediation. My friend from the night before was kind enough to let me use his phone to make these calls before I could purchase a new iPhone.

Now, I won't pretend like I'm grateful that any of this happened to me. It was a New York City baptism by lava after having moved in two weeks earlier. I do, however, want to capitalize on the opportunity to share my newfound understanding of protecting ones information if an iPhone is stolen. Hopefully you can learn a thing or two from my experience and keep your own digital information safe.

The Stolen iPhone Playbook

In the event that your phone is ever stolen, or even missing in an unfamiliar place, here are some steps that you can take to minimize the fallout:

Immediate Response

It's important to act fast. Skilled, organized criminals can change your account information and lock you out in as little as 10 minutes.

  1. Log Into iCloud: Using a friend's iPhone or Mac, sign into your iCloud account and put your device into "lost mode". This can be done regardless of the phone's connection to the internet. This will temporarily disable it.
    • Brick Your Device: If for whatever reason you cannot log into your iCloud account, contact your carrier, in my case AT&T, to remotely disable the device, turning it into a paperweight.
  2. Lock Down Your Accounts: Change passwords and enable additional security measures on all your sensitive accounts, including but not limited to: google, iCloud, creditors, banks, and social media.
    • Sign Out Of All Accounts: Many providers (Google, iCloud, etc.) will give you the ability to "Sign out of all devices". Do this for the most sensitive accounts that you have, as this stops a thief from being able to SSO into your mail and other accounts.
  3. Report to the Police: File a report at the crime scene. Don't delay, as every second counts. This also gives you a timestamp and documentation for when and where your phone was stolen, which helps the investigation.

Securing Your Financial Front

This doesn't only apply if you have credit or debit cards in your Apple Wallet. Sensitive financial information can be found on your phone in unlikely places, and can lead to your accounts (and even your identity) being stolen.

  1. Banking Alerts: Report the theft to your banks immediately. Use their apps or websites to freeze your accounts.
  2. Credit Freeze: Utilize resources like identitytheft.gov to freeze your credit across major bureaus, stopping the hemorrhage of your financial identity.
    • A credit freeze is usually a good idea to put on yourself as a defensive mechanism if you aren't applying for a line of credit anytime soon. It's easy to apply and remove this freeze across all 3 bureaus.

Damage Control

Once you've had a moment to assess the damage and relax, it's time to start picking up the pieces.

  1. Amend Police Reports: Update your report with any new information, especially regarding identity theft.
  2. Keep a Paper Trail: Document every step, every call, every action. This will be crucial for insurance and legal purposes.
  3. Collect as much Data as Possible: If any fraudulent charges were made on any accounts, record where those purchases were made and at what time.
  4. Set up new Accounts, and Keep Calm: In the event of digital larceny, most of the time it's the banks and creditors that are losing money, not you. Set up new credit cards, checking accounts, and other online accounts if you fear that yours have been compromised, and remain calm. You're going to be okay.

Digital Safeguards

Some of this information may seem obvious, but it's important to re-iterate.

  1. Complex Passcodes: Use a strong, unique passcode for your device and accounts.
  2. Biometric Balancing: While convenient, be cautious with Face ID and Touch ID, especially for sensitive apps. These systems can be overridden by the use of your iPhone passcode. Many times, thieves will wait for you to enter your iPhone passcode before deciding to steal it, since this is their skeleton key into the world of your sensitive data.
  3. App-Specific Passwords: Use different passwords for critical apps like banking and email. Using a password manager like LastPass or 1Password is also a good idea to keep things safe and separate from iCloud.

iPhone Device Settings Tweaks

Here are just a few tweaks that you can make to your settings to better protect your iPhone against theft.

Set a Recovery Key on your iCloud Account

To ensure that your iCloud account password or information cannot be modified without your consent, you can set a "Recovery Key" on your iCloud account as an added layer of protection.

  1. Open the Settings app on your iPhone and tap your Apple ID at the top.
  2. Navigate to Password & Security.
  3. Scroll down to find the Recovery Key option and tap it.
  4. Turn on Use Recovery Key and follow the prompts.
  5. Your device will generate a 28-character Recovery Key. Write it down and keep it in a secure place; you'll need it to reset your password or regain access to your account.

Now, if your iCloud account is locked, or if the password is somehow changed, you can use this Recovery Key to give Apple verification of your identity.

It's important to note that if this Recovery Key is lost, there is nothing that Apple Support can do to help you. I called all the way up the IT Support totem pole; there are no back doors. They can't even delete the iCloud account without this key.

No Automatic iCloud Keychain Access

Disabling automatic iCloud Keychain access is a savvy move to enhance your iPhone's security. Here's a quick guide:

  1. Open the Settings app on your iPhone.
  2. Scroll down and tap on Passwords & Accounts (or just Passwords in newer iOS versions).
  3. Next, go to AutoFill Passwords.
  4. Here, you can toggle off AutoFill Passwords. This prevents your iPhone from automatically accessing and filling in your stored passwords.

By doing this, you add an extra layer of security, ensuring that your keychain passwords aren't automatically used or filled in, especially if your device falls into the wrong hands. Remember, in the digital world, every small step towards security is a leap towards peace of mind. Once again, using a password manager that isn't connected to your iCloud keychain is a great alternative for storing sensitive data.

Fortify Your iCloud with Screen Time

Screen Time on iPhone isn't just a tool to monitor your phone usage, but it can also be used to restrict access to different iOS features. We're going to use it to disable iCloud and Apple ID account changes from being made on iPhone.

  1. Open the Settings app on your iPhone.
  2. Tap on Screen Time, found usually just below 'Notifications'.
  3. Set Up Screen Time if you haven't already, you'll need to create a passcode here. Choose something memorable but not easily guessed (ie. not your iPhone passcode).
  4. Navigate to Content & Privacy Restrictions, then enable Content & Privacy Restrictions.
  5. Go to Account Changes, and select Don't Allow. Do the same for Passcode Changes.

Now, anytime that you want to make changes to your iCloud account on iPhone, you have to first re-allow these features in Screen Time. It's a bit tedious, but it's a great extra layer of security that will help you out in the event of theft.

Set an Account Recovery Contact on iPhone

Setting an Account Recovery Contact on your iPhone is a great way to secure your Apple ID. In the event that your phone is lost, you can add an Account Recovery Contact to verify your identity and help you get access to your Apple ID safely.

  1. Open the Settings app and tap on your Apple ID at the top.
  2. Select Password & Security.
  3. Look for the option Account Recovery and tap on it.
  4. Choose Add Recovery Contact. You'll need to be over 13 years old and have two-factor authentication enabled.
  5. Follow the prompts to select a contact from your list. This person should be someone you trust deeply, as they'll help you regain access to your account if needed.

Your chosen contact will receive a message letting them know they've been added as your recovery contact. Remember, this is a safeguard for those rare moments when you might be locked out of your account, so choose someone reliable.

The Silver Lining: Lessons Learned and Shared

Living through this ordeal, I've come to appreciate the delicate balance between convenience and security in our digital lives. It's a tough lesson, one that came with a hefty price tag and a side of sleepless nights. But if my experience can serve as a cautionary tale, a guide to help you navigate these treacherous digital waters, then it's a story worth sharing. Stay vigilant, stay informed, and remember, in the digital world, your first line of defense is always awareness.