Phone stolen weeks ago… can scammers really hack me?

My phone and my friend’s phone were stolen at a club about four weeks back. We both got replacements pretty quickly. Not sure exactly what her carrier did, but we both reported our phones as lost through our devices. I also removed mine from ‘My Devices’ but left it on Find My. Find My shows it’s still locked, and its last known location was weeks ago in another state.

When I called my carrier for an insurance claim, they said they’d completely lock the phone so it’s unusable. Two days ago, I got a text pretending to be from ‘Apple Pay’ saying my Apple Pay was being used in China and asking me to disable Find My. Obviously, I didn’t, and I reported and deleted the message.

This morning, my friend wasn’t so lucky. Hackers got into her account, changed her Apple ID password and phone number, and wiped her bank account using Cash App and Uber gift cards. Her bank is refunding her, but she has to close her account. Apple told her all they can do is set up a new Apple ID for her.

I’ve been changing my passwords and making sure no new devices pop up on my account. I’m paranoid. Am I safe? Can they really not do anything with my old phone? Any tips or advice would be so appreciated.

Just ignore those texts. They can’t do anything as long as you don’t fall for it.

Kim said:
Just ignore those texts. They can’t do anything as long as you don’t fall for it.

I really hope you’re right. It just freaked me out because my friend’s phone wasn’t supposed to be accessible either, and yet they hacked her.

@Tarian
She probably deactivated something by accident or clicked a bad link without realizing it.

Kim said:
@Tarian
She probably deactivated something by accident or clicked a bad link without realizing it.

She’s usually so careful about that stuff. She swears she didn’t touch anything, and she didn’t even get the scam texts I’ve been getting. We’re both confused because she thought she did everything right, but her account still got compromised.

@Tarian
She probably entered her info on a phishing site without knowing it. That’s usually how these things happen.

Hayes said:
@Tarian
She probably entered her info on a phishing site without knowing it. That’s usually how these things happen.

I told her about the scam texts as soon as I got them, so I don’t think she would’ve fallen for anything like that.

@Tarian
If she’s being honest with you, then she might not even realize she fell for a phishing attempt.

@Tarian
Did she have a passcode that was easy to guess?

If your friend didn’t click any links, they probably guessed her Apple ID password or her phone’s PIN. That’s usually how they get in.

Wade said:
If your friend didn’t click any links, they probably guessed her Apple ID password or her phone’s PIN. That’s usually how they get in.

So even though my carrier locked the phone and SIM, they can still guess the passcode? How can I stop them from trying?

@Tarian
You can trigger a remote wipe if the phone ever connects to Wi-Fi.

If your iPhone is lost or stolen, check out the official iPhone support page for help.

There are rare methods to bypass iCloud lock, but it’s very difficult and unlikely. You should choose the ‘Erase this device’ option to safely delete your data and make the phone completely unusable. Erasing it will still let you track it on Find My.

Also, block and report any suspicious messages or contacts.

@Pax
I think I might’ve already done ‘Erase this Device’ when I removed it from ‘My Devices’? I didn’t remove it from Find My because I’ve read that you shouldn’t do that.

Tarian said:
@Pax
I think I might’ve already done ‘Erase this Device’ when I removed it from ‘My Devices’? I didn’t remove it from Find My because I’ve read that you shouldn’t do that.

Yes, erasing it is good. If you left it on Find My, it’ll stay locked and unusable. That’s the best way to make sure your data is safe.

@Pax
Great, I just erased it, and now it says ‘Erase Pending.’ I’ll also change all my passwords and set up two-factor authentication. Do you know of a good password manager?

Your friend wasn’t hacked; she probably fell for a phishing scam and is embarrassed to admit it.