Two-factor authentication, code lock, Touch ID, Face ID, periodic credit card verification, account lockout after too many failed unlock attempts ... Apple has a level of protection of our data that some think It is even obsessive, but it is always for the benefit of our safety.
Now: Apple can be very good at protecting our devices and data, but it will never be perfect. Neither Apple nor any other company. There will always be some method with which you can unlock lost or stolen iPhones. But with the level of protection there is now ... how are thieves managing right now to achieve this unlock? It is difficult, but there are several ways to achieve it that do nothing more than remind us to always have the lock and all extra protection of our iPhone active.
Motherboard has been the one who has investigated about these methods, whose complexity varies depending on the type of crime that is committed. Without going any further, someone can always rob you and threaten violence unless you close the iCloud session of your phone and deliver it. This is what the top tweet explains: in Philadelphia there has been a wave of robberies at gunpoint where the first thing the victim is required to do is deactivate the 'Find my iPhone' tool . It is a very unpleasant situation to which little can be done at the moment.
Against this there is not much to do, but what happens when what the thief manages to do is get hold of an iPhone that has been remotely locked by its owner? So what is resorted to is to try to deceive the user by phishing . Emails are sent to the victim posing as Apple, reporting that recent activity has been detected on the stolen terminal. The trap is that in those emails you are asked to go to a website that is posing as the official iCloud website, where you log in. Done, they have already taken your password. And although two-factor verification is activated, since they are the ones that have your iPhone, they can use it without problems.
Another method thieves use if they see that direct victim phishing doesn't work is trying to trick Apple Store employees . They go to the stores with falsified invoices, so that the employees access to unlock the terminals remotely. If they succeed in either of these two ways, they are left with an unlocked iPhone that they can already sell in full or in parts.