"Really unhelpful": Apple user gets drained of $10,000 in passcode scam

Reyhan Ayas, a senior economist at Revelio Labs, had her phone stolen in November 2021 while leaving a bar in Manhattan. Ayas was not able to access her Apple account, and $10,000 was stolen from her bank account over the next 24 hours. She contacted Apple support, but they were not helpful, and Ayas was eventually advised to open a new bank account and transfer all her funds to it. She also received an email from Credit Karma showing an application for an Apple credit card, which was approved while she was on hold with Apple-card support. The Apple support team continually asked if she had tried the "Find My iPhone" function, which Ayas found frustrating as she had tried it "like minute three".

Ayas was interviewed by Insider and said that she believes the thief had seen her enter her passcode at some point and had waited for the chance to steal her device. She also said that during her most recent conversation with an Apple representative, the representative told Ayas that there was no way to regain access to her iCloud account.

The Wall Street Journal reported that criminals have discovered that learning a user's passcode can allow them to lock out the original owner and block Apple's Find My iPhone app within a minute. From there, they can access any built-in apps, potentially allowing them to drain bank accounts before selling the handset. There have been hundreds of similar crimes committed in New York over the past two years, with reports of similar crimes in Austin, Texas; Denver, Boston, and London. Image credit: MacRumors Apple has account-recovery policies to help prevent bad actors from accessing users' accounts, and an Apple representative told The Journal that the company believed these crimes were rare because the thief would need both the device and the passcode. However, Ayas believes that:

Apple takes a lot of pride in being, like, a closed-security environment. But they rarely talk about if someone gets into that closed-security environment; it is also closed to the people who own the account. It can absolutely turn against you.

Apple did not respond to a request for comment from Insider, and The Journal reported that Ayas had filed a police report and showed notifications of a password-reset request and login details from after her device was stolen. Insider reviewed both the police report and the notifications.

While Ayas was advised to open a new bank account and transfer all her funds to it, Alex Argiro, a former NYPD detective, told The Journal that iPhone thieves are after more than just the devices themselves. "Once you get into the phone, it's like a treasure box," Argiro said.

The theft of iPhones has become a significant problem in New York City and elsewhere, with criminals learning how to use passcodes to lock people out of their Apple accounts. This has led to the theft of funds from bank accounts, as well as personal information being stolen. Ayas was frustrated with Apple's lack of support, and her story highlights the need for Apple to improve its account-recovery policies and security measures.

Recommended by the editors:

• The UK Could Soon Refuse Apple Security Updates

• $10 billion down the drain: how Apple changed the social media industry with one small popup

• Craig Federighi admits that Apple could have handled CSAM detection features better

• Apple employees express concerns with new CSAM scanning

• Epic Games CEO criticizes Apple over new CSAM safety initiatives

• Tap here to explore more news and insightful journalism from Apple Scoop — America's most-beloved independently operated source for all things Apple