Brazilian criminals detail how they gain access to bank accounts from stolen iPhones

Filipe Espósito, 9to5Mac:

The Brazilian newspaper Folha de S. Paulo reported last month how criminals had been stealing iPhones in Brazil to access people’s bank accounts instead of reselling the devices. Now, the police seem to have finally figured out how they gain access to bank accounts, and to our surprise, the process seems easier than you might think.

And:

Basically, thieves take the SIM card out of the stolen iPhone and then put it into another iPhone. Using social networks like Facebook and Instagram, they can easily find out the email address used by the person who had the phone stolen. In most cases, this email address is the same as the one used for the Apple ID. All they need to do is reset the Apple ID password using the victim’s phone number.

The portability of the SIM card comes back to bite us. Is there anything Apple can do to prevent this?

Apple has promised the Brazilian newspaper that it will make it easier for users to delete all data from a stolen iPhone. However, the company did not give details of what exactly it will implement. With iOS 15, users will finally be able to track a powered-off iPhone using the Find My app.

And, of course, the best thing you can do to protect your accounts is not to store your passwords in the Notes app or other non-secure apps. Another good option is to only use an eSIM instead of a regular SIM, as the eSIM cannot easily be transferred to another device.

Why we cannot have nice things.