gu009 a day ago

Is there a consensus on what you should actually do in the event your phone is stolen? The phone of someone I know was stolen and I helped them through it (remotely) in real time, and I remember looking up what to do and having to sort through a lot of straight up bad advice, including articles that seem naive as to what actually happens in real life when thieves steal a phone.

In this case, the phone was marked as lost immediately, but a couple of days later the thieves started trying to reset the password on the owner's iCloud account using various methods, the first of which produced 1st party push notifications asking to confirm the account password reset that were sent to the owner's other signed-in devices that were still in their possession. In the moment, it would be so easy for a confused & stressed person to accidentally or mistakenly tap those notifications and enable their own account hijacking.

The thieves then evidently called Apple Support and tried to get the iCloud account password reset over the phone, but by this point the owner had already gotten a new phone and SIM for their phone number, which meant that Apple Support's 2FA SMS codes were received by their replacement phone (in their possession) instead of the stolen phone (in the thieves' possession, and which no longer had cell service). It seems like if they had delayed in getting their new phone and left the stolen device with functional cell service, the hijacking might have succeeded at this point.

Apple's own "What to do if your iPhone is stolen" page [0] has no info on these tactics that are actually used in the moment by phone thieves. That page does link to a page about social engineering scams [1], but approaches that in a general sense.

I think Apple's way of handling it should be way more intuitive. For example, they should differentiate between phones that are lost and stolen. If your phone is lost, you want to protect against someone finding it and being able to access the phone's contents. If your phone is stolen, the thieves will most likely try to hijack your iCloud account as well, and they'll try to social engineer both the owner and Apple Support to do so, so add a "Mark as Stolen" option that also adds protections against iCloud account hijacking.

[0] https://support.apple.com/en-us/120837

[1] https://support.apple.com/en-us/102568

Aloisius a day ago | parent

> In the moment, it would be so easy for a confused & stressed person to accidentally or mistakenly tap those notifications and enable their own account hijacking.

That won't give them access. When you respond to the reset password notifications, it then asks for a new password on the same device you responded on, not on the device that requested the reset.