Social Engineering: How to steal Brand New iPhones from Apple

Looks like there’s some worms in Apple.

Not too long ago, dozens and dozens of iPhones were stolen from two Apple stores. How could this happen, what with Apple’s security? Simple: The thieves wore clothes similar to Apple store employees and obviously knew the innards of the stores.

They sauntered over to the drawers that held the new phones, acting nonchalant to avoid attracting attention. In fact, a new face in Apple attire at one of the stung locations wouldn’t raise eyebrows since new employees are trained there.

What mistake did Apple make to allow these robberies? The introduction of new uniforms, perhaps? They came up with the idea of “back to blue, but all new” attire. But really, that shouldn’t be so easy.

This meant there was no one-and-only uniform, but rather a variety of options that fit within a color and style concept. This makes it easy for someone off the street to visually blend in with store employees. There are six styles of just the top alone. You can pick up a strikingly similar top, including color, at Walmart. And unlike previous attire, which changed seasonally, this new line is meant to be permanent.

Have you yourself ever been mistaken for an employee at Walmart or Target (blue shirt, red shirt), or asked someone for assistance who replied, “I don’t work here”? See how easy it is to blend in—without even trying?

The thefts at the two Apple stores are believed to be related, but the thieves are not known. It’s also not known if the thief or thieves were wearing an actual Apple top or just a lookalike.

This ruse can easily be pulled off by anyone appearing to be in their early to mid-20s, clean-cut, wearing glasses (to look geeky), and with calm, cool and collected mannerisms—and of course, a royal blue shirt.

The solution would be for Apple to require a line of tops with a very distinct color pattern, and only two choices (short and long sleeved).

The lesson here: Not everything or everyone appears to be what they actually are. Social engineering is a confidence crime. As long as the thief has your confidence either in person, over the phone or via email, you are likely to get scammed.

Always be suspicious. Always challenge what’s in front of you. Never go along to get along. And put systems, checks and balances in place to prevent being scammed. In this situation, proper, secure identification and authentication with proper checks would have prevented this.

Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.