{"id":8644,"date":"2026-05-14T05:00:18","date_gmt":"2026-05-14T10:00:18","guid":{"rendered":"https:\/\/www.infoblox.com\/blog\/?p=13609"},"modified":"2026-05-14T05:00:18","modified_gmt":"2026-05-14T10:00:18","slug":"lookalike-domains-expose-the-iphone-theft-economy","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/05\/14\/lookalike-domains-expose-the-iphone-theft-economy\/","title":{"rendered":"Lookalike Domains Expose the iPhone Theft Economy"},"content":{"rendered":"<p><strong>Authors: Ma\u00ebl Le Touz, Elena Puga<\/strong><\/p>\n<h3>Executive Summary<\/h3>\n<p>Modern smartphones are extremely secure and can be remotely locked and turned into a worthless brick if they are stolen. iPhones in particular can be remotely secured using a feature called <a href=\"https:\/\/support.apple.com\/en-gb\/108794\" target=\"_blank\">Activation Lock<\/a>, preventing all future use in case the device is stolen. Even individual components can be locked by the owner.<\/p>\n<p>And yet, iPhones are stolen \u2026 a lot. <a href=\"https:\/\/finance.yahoo.com\/news\/mother-tracks-her-sons-stolen-164517561.html?guccounter=1\" target=\"_blank\">Figures indicate over 7.35 million are stolen in the United States yearly<\/a>. So, how do the thieves monetize them?<\/p>\n<p>After a friend reached out for help, we discovered a thriving underground marketplace, organized on Telegram, focused on one thing: unlocking high-end phones\u2014mostly iPhones. 
By combining technical tooling and social engineering, thieves now have a way to unlock devices at scale and make phone theft profitable.<\/p>\n<p>These so-called \u201cunlocking tools\u201d create a market for stolen phones by allowing anyone with a pulse to try to turn a bricked \u201clost or stolen\u201d device into easy money.<\/p>\n<p>Despite the fact that there are no publicly disclosed vulnerabilities for late model iPhones, threat actors use clever techniques to convince the owner to enter their passcode. SMS phishing (smishing) is one of them, and our DNS telemetry shows steadily growing and persistent activity.<\/p>\n<p>We initially assumed thieves would be interested in the phone\u2019s data. Those devices, after all, hold potentially priceless personal and corporate information. Interestingly, we discovered the opposite. Thieves are after a quick buck, and the value of the data is secondary to the value of the hardware. It seems like their phishing domains are often detected, and some of the tools sold in these forums contain mechanisms to detect DNS blocks and automatically request delisting from Google Safe Browsing.<\/p>\n<p>This paper will detail how, by analyzing DNS clusters, we were able to pivot from an initial text to reveal a thriving marketplace enabling and ultimately driving phone theft. We will then explain how this underground economy functions and how smishing is only one tool in the toolbox they use to gain access to stolen phones.<\/p>\n<h4>From Smishing to Panels<\/h4>\n<p>When somebody loses access to their iPhone, they can set a message on the locked screen, directing the finder to contact a specific phone number to return the device. See Figure 1. Users will usually choose their spouse\u2019s or parent\u2019s phone number. 
It\u2019s this helpful feature that offers the scammers a way to reach out to the phone\u2019s owner and manipulate them into unlocking it.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" class=\"img-400\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 1. Lost iPhone displaying a contact number<\/p>\n<p>This is how one of our friends was contacted when their iPhone was stolen in Asia. Shortly afterwards, they received a text with a link to a URL hosted on applemaps-support[.]live.<\/p>\n<p>Lookalike domains targeting Apple are nothing new: we detect over 800,000 a year. But the timing of the text was suspicious, and whoever sent the message clearly had the device in their possession.<\/p>\n<p>At first glance, the page on applemaps-support[.]live closely resembles the real Apple Find My page, but this is of course a decoy\u2014the website is not operated by Apple. The phone appeared to be moving on the spoofed map (see Figure 2), but before we could do anything else, a pop-up appeared asking for the PIN code to unlock the phone. Had our friend given their passcode, the thief would have immediately gained full control of the device.<\/p>\n<p>\n<iframe src=\"https:\/\/www.youtube.com\/embed\/WQ-eTRr9K2w?si=tx7eBRDqPsTN5QMs\" title=\"YouTube video player\" allow=\"accelerometer; autoplay;\" frameborder=\"0\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen>[embedded content]<\/iframe>\n<\/p>\n<p class=\"image-caption\">Figure 2. iPhone phishing page shows stolen phone moving<\/p>\n<p>Pivoting on DNS characteristics of the domain, we quickly identified a cluster of related phishing pages, all using Apple lookalike domains.<\/p>\n<h4>Discovery of an iPhone Unlocking Marketplace<\/h4>\n<p>Not all the domains in the cluster hosted phishing content. 
In several cases, threat actors had inadvertently exposed their own admin login page at the root of several websites. Other pages on the same domains advertised \u201cphone unlocking tools.\u201d This made us curious: Could these unlocking services be connected to smishing attacks targeting iPhone owners who had lost their devices?<\/p>\n<p>Indeed, we soon identified dozens of Telegram groups functioning as a large underground marketplace focused on unlocking phones. Different sellers offer their services to end users looking to unlock phones. The products are sold under different names, but always offer the same features:<\/p>\n<ul class=\"list-spacing\">\n<li>An unlocking tool: a Windows binary able to automatically \u201cjailbreak\u201d old phones. The same tool also offers a way to extract identifying information from a plugged-in device,<\/li>\n<li>An \u2018FMI OFF\u2019 (Find My iPhone Off) or \u2018iCloud Webkit\u2019: a phishing and smishing kit designed to convince legitimate owners to forfeit their iCloud\/Apple Account and screen lock passcode,<\/li>\n<li>Social engineering tools: scripts, AI voice calling software and pre-recorded sound files in different languages impersonating Apple and asking for the passcode.<\/li>\n<\/ul>\n<p>The tools are typically offered on a pay-as-you-go basis, where customers will pay a small fee per unlock attempt or smishing link sent. End users will routinely ask for technical help and share videos of successful attacks (as in Figure 3).<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" class=\"img-400\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-1.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 3. Buyer asking for help on how to unlock a likely stolen iPhone XR. 
An unlocking tool can be seen in the background.<\/p>\n<p>Figure 4 shows the relationship between vendors and patrons.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-2.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 4. Diagram showing the organization of the \u2018FMI OFF\u2019 kit trade<\/p>\n<p>The sale of unlocking services is key. Those tools are often branded to a particular Telegram group. With such software, criminals can automatically unlock older phone models but also extract identifying information that will then be used to craft smishing attacks targeting the device\u2019s owner.<\/p>\n<p>Of course, nobody in those Telegram groups discloses how they obtained the device(s) they are seeking to unlock. Some pretend they\u2019ve simply forgotten the password to an old device, but that does not explain the need for the \u201cFMI OFF,\u201d or the social engineering features included in the tools.<\/p>\n<h3>Technical Capabilities of Unlocking Tools<\/h3>\n<p>The unlocking tools available offer varying levels of sophistication. The more complex ones connect to a license server (presumably to prevent unauthorized reselling) under a pay-as-you-go model: unlocking a recent iPhone can cost anywhere from $5 to $50 depending on the seller. The average price is below $10.<\/p>\n<p>Under the hood, the tools are just crude graphical user interfaces (GUIs) running different command-line tools (Figure 5) based on open-source utilities designed to jailbreak iPhones and extract information.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-3.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 5. 
Unlocking app offering a very simple GUI<\/p>\n<p>While there are only a handful of functionally distinct \u201cunlocking tools,\u201d they are distributed and resold under different names by individuals located all over the world, making it seem like there is a plethora of options. We found sellers in Bangladesh, India, Pakistan, Venezuela, Mexico, Brazil, and other countries, as shown in Figure 6 below.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-4.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 6. Local resellers of unlocking software<\/p>\n<p>At the time of writing, the latest phone models and iOS versions above 17.0 are not affected by any publicly disclosed vulnerabilities enabling unauthorized access. Some entrepreneurial individuals try to exploit this gap in the iPhone unlocking market by advertising <a href=\"https:\/\/www.virustotal.com\/gui\/file\/98394246dd9772aa12023a577f5662ce9fe5805db62deb16171b39c32385b100\/behavior\" target=\"_blank\">trojanized versions of tools<\/a> or demanding exorbitant fees for an elusive \u201czero day exploit\u201d that doesn\u2019t really exist. If it did, such an exploit would be worth seven figures or more rather than a few hundred dollars.<\/p>\n<p>Unlocking the latest phones requires a different approach: smishing! In this case, the proffered unlocking tools can extract information including device serial number, original activation country, and linked Apple Account. This data will then be used to craft a credible smishing message and landing page. This information gathering can also be done using specific Telegram bots, conveniently operated by the same groups, as shown in Figure 7.<\/p>\n<p class=\"image-caption\">Figure 7. Threat actor using a Telegram bot to find owner information about a given iPhone. 
The bot is able to check a stolen credentials database and identify linked devices on iCloud. Access to the bot requires payment in advance.<\/p>\n<h4>How Smishing Fits into the Supply Chain<\/h4>\n<p>Besides unlocking tools, developers have also created dozens of different smishing templates, as shown below in Figure 8, covering Apple but also other major brands like Xiaomi and Samsung. All are offered in a variety of languages.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-5.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 8. Image generated by a reseller showing the templates they offer<\/p>\n<p>End users\u2014those looking to unlock phones\u2014will craft the attack by personalizing their chosen template based on information harvested from the unlocking tools such as the victim\u2019s name, email, and whether the passcode has four or six digits. Users can also insert a specific location on the \u201clost iPhone map,\u201d and specify a specific language. All of this is an effort to make the attack appear more credible.<\/p>\n<p>They will then prepare the smishing text, including the link to the now-personalized phishing page. Figure 9 shows examples.<\/p>\n<p class=\"image-caption\">Figure 9. Examples of smishing texts<\/p>\n<p>The text is sent to the contact number displayed on the locked phone\u2019s screen. The malicious link can be sent over WhatsApp, text or email, directly from the smishing template pages as in Figure 10.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" class=\"img-400\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-6.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 10. 
WhatsApp smishing message received by a victim; it\u2019s carefully crafted to look like it was sent from an official Apple account<\/p>\n<p>Once the victim enters their credentials, the information is sent back to the attacker via Telegram. The login details are then immediately used to remove all linked devices from the given Apple Account, as shown in the video (Figure 11) below. Figure 12 displays both the smishing configuration panel and how the smishing page would render when browsed.<\/p>\n<p>\n<iframe src=\"https:\/\/www.youtube.com\/embed\/ahD5HCsNcLo?si=g0OAJtk3vIIUJULr\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay;\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen>[embedded content]<\/iframe>\n<\/p>\n<p class=\"image-caption\">Figure 11. A short video by a threat actor demonstrating the customization of a phishing page.<\/p>\n<div class=\"grid-container\">\n<div class=\"grid-item\">\n<img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-7.jpg?w=640&#038;ssl=1\" alt=\"Figure 12a\">\n<\/div>\n<div class=\"grid-item\">\n<img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-8.jpg?w=640&#038;ssl=1\" alt=\"Figure 12b\">\n<\/div>\n<\/div>\n<p class=\"image-caption\">Figure 12. Threat actor generating a link to a malicious landing page (left) and showing what the target page looks like (right)<\/p>\n<h3>Scale of Operations Observed via DNS<\/h3>\n<p>After expanding our initial cluster from applemaps-support[.]live and pivoting on DNS fingerprints, we identified over 10,000 domains associated with these tools. Interestingly, the domains were registered at different times and used very different hosting infrastructure. 
This corroborates our assessment that multiple groups are involved, based on our observations of the marketplaces.<\/p>\n<p>One thing these domains all had in common was that they were all either lookalikes of the Apple brand or had generic customer-support-themed domain names such as viewlocation[.]app or find-your-phone[.]help. The word map below in Figure 13 illustrates the relative frequency of the most common keywords.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-9.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 13. Most frequent words observed in domain names associated with these campaigns<\/p>\n<p>By stepping back in time in our data, we can observe a small but growing amount of traffic from our resolvers to verified smishing domains. The query count is comparatively low, but this is expected considering the targeted nature of the attack, along with the pay-as-you-go model used by the tool developers. However, 2025 saw traffic to these domains increase by 350% compared to the previous year, as shown in Figure 14.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-10.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 14. Yearly traffic volume observed for campaign-related domains<\/p>\n<h3>Detection Avoidance<\/h3>\n<p>One interesting quirk we found in some of these tools is the ability to automatically contest detection by security products.<\/p>\n<p>By querying a specific attacker-controlled endpoint hosting the list of smishing domains, and using a headless Chrome browser to attempt connection, the tools can automatically check if any domains have been blocked. If connection to a domain fails, they assume it has been blocked by Google Safe Browsing. 
The tools will then randomly select an excuse from a list of semi-plausible reasons (\u201cwe are a charity for homeless pets,\u201d \u201cmy daughter\u2019s dance studio website was flagged,\u201d \u201cthe dog ate my homework,\u201d etc.) and submit it to Google to try to have the block removed. It\u2019s difficult to assess how effective this method really is, but at the time of writing most of the smishing domains were not being blocked by Google Safe Browsing.<\/p>\n<p>Figure 15 shows the script code and list of justifications, and Figure 16 shows the output.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-11.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 15. List of supporting reasons the threat actor\u2019s script will choose from to contest a block on a domain<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/lookalike-domains-expose-the-iphone-theft-economy-12.jpg?w=640&#038;ssl=1\"><\/p>\n<p class=\"image-caption\">Figure 16. Threat actor running the script and its output<\/p>\n<h4>What We Learned<\/h4>\n<p>What we initially assumed was simple smishing revealed an ecosystem perfectly designed to solve a single problem: turning stolen iPhones into valuable, sellable goods.<\/p>\n<p>Today, a locked device is almost worthless on the black market, while an unlocked, high-end model is easy to resell and can fetch hundreds of dollars. With this in mind, an underground marketplace has emerged which covers the entire digital supply chain from cracking to smishing. As is now commonly the case, the tools are designed to be simple and intuitive enough to offer a very low barrier to entry. 
This maximizes the potential user base and amplifies their reach.<\/p>\n<p>Interestingly, and somewhat counter-intuitively, our findings show that the data stored on the device is considered to have little value. All the tools we analyzed wipe the device by default as soon as access is attained. Just reselling the device offers the most favorable trade\u2011off between risk and profit.<\/p>\n<p>Acquiring a phone could be free (depending on how you do it). Unlocking it using one of these underground tools could cost less than a hundred U.S. dollars. Even older iPhone models can still be sold for hundreds of dollars.<\/p>\n<p>As for the tool developers, their pricing model is based on individual unlock attempts, making volume a critical driver of revenue. The low barrier to entry, affiliate resellers and Telegram channels filled with success stories are, of course, intentional.<\/p>\n<p>The growth of this ecosystem can be easily observed in DNS, reflected in the sharp increase in traffic to associated domains we have seen over the past year. As the ecosystem grows, risk increases accordingly\u2014not only in the digital realm, but in the physical world as well. Unlocking capabilities directly translate into real-world theft, turning abstract online activity into tangible personal danger. 
With a phone in nearly every pocket, there\u2019s no shortage of potential victims.<\/p>\n<h3>Sample List of Indicators<\/h3>\n<p>The full list of indicators is available on our <a href=\"https:\/\/github.com\/Infoblox-CTO\/phoebe-openintel\" target=\"_blank\">open Github repository.<\/a><\/p>\n<p> <a href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lookalike-domains-expose-the-iphone-theft-economy\/\">Infoblox Original<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authors: Ma\u00ebl Le Touz, Elena Puga Executive Summary Modern 
smartphones<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4910,1945,3586,305,5323,3158,60,1069,1011,6638,6637],"tags":[4917,1950,3588,309,5324,3160,67,1071,1013,6640,6639],"class_list":["post-8644","post","type-post","status-publish","format-standard","hentry","category-icloud","category-infoblox-threat-intel","category-ios","category-iphone","category-jailbreak","category-mobile-security","category-phishing","category-smishing","category-spearphishing","category-stolen-phone","category-theft","tag-icloud","tag-infoblox-threat-intel","tag-ios","tag-iphone","tag-jailbreak","tag-mobile-security","tag-phishing","tag-smishing","tag-spearphishing","tag-stolen-phone","tag-theft"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Infoblox","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/infoblox\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/icloud\/\" rel=\"category tag\">iCloud<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/infoblox-threat-intel\/\" rel=\"category tag\">Infoblox Threat Intel<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ios\/\" rel=\"category tag\">iOS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iphone\/\" rel=\"category tag\">iPhone<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/jailbreak\/\" rel=\"category tag\">jailbreak<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mobile-security\/\" rel=\"category tag\">mobile security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/phishing\/\" rel=\"category tag\">phishing<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/smishing\/\" rel=\"category tag\">Smishing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/spearphishing\/\" rel=\"category tag\">spearphishing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/stolen-phone\/\" rel=\"category tag\">stolen phone<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/theft\/\" rel=\"category tag\">theft<\/a>","tag_info":"theft","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8644"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8644\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}