Losing an iPhone is stressful enough without becoming the target of sophisticated scammers. A new phishing campaign is exploiting device owners’ distress by impersonating Apple and claiming that their lost iPhones have been recovered.
These attacks combine social engineering with technical knowledge to steal Apple ID credentials and turn off critical security features.
When someone loses their iPhone, scammers are sending fraudulent text messages and iMessages that appear to originate from Apple, informing victims that their device has been found in a foreign location.
The NCSC has received reports of cases where iPhone owners have received a text message claiming that their lost or stolen device has been found abroad, months after it went missing.
What makes these messages particularly convincing is the inclusion of accurate device specifications model name, color, and storage capacity information that criminals can extract directly from the stolen or found iPhone itself.
The messages contain a link purportedly showing the device’s current location. However, this link redirects victims to a meticulously crafted phishing page designed to mimic Apple’s official login interface.
Once unsuspecting owners enter their Apple ID and password on this fake website, they unwittingly hand over complete account access to the attackers.
Bypassing Activation Lock
The scammers’ ultimate goal isn’t account theft for its own sake it’s disabling Apple’s Activation Lock. This security feature permanently binds an iPhone to its owner’s Apple ID, making stolen devices functionally worthless and impossible to resell.
Since no technical exploit exists to bypass this protection, social engineering remains criminals’ only viable option to unlock these devices.
The method scammers use to obtain victims’ phone numbers remains somewhat unclear. One likely avenue is through the SIM card still inserted in the device at the time of theft or loss, assuming the owner hasn’t yet blocked it.
Another possibility involves exploiting Apple’s Find My feature itself. When owners mark a device as lost, they can display a message on the lock screen containing contact information a phone number or email address intended for honest finders.
Unfortunately, this same feature provides scammers with targeted contact details for their phishing attacks.
Protecting Yourself from This Threat
Understanding how to respond to potential device loss is crucial. First and foremost, remember that Apple never contacts customers via text message or email to report found devices. Any such communication is automatically suspicious and should be ignored.
Never click links in unsolicited messages claiming to involve your Apple devices, and under no circumstances enter your Apple ID credentials on any website reached through such links. If you lose your device, enable Lost Mode immediately through the Find My app on another device or by visiting iCloud.com/find. This action locks the device and protects your data.
Exercise caution when displaying contact details on your lost device’s lock screen. Consider using a dedicated email address explicitly created for device recovery purposes rather than your primary contact information.
Critically, never remove the device from your Apple account, as doing so disables the Activation Lock exactly what thieves want.
Finally, ensure your SIM card is protected with a PIN code. This simple yet effective measure prevents criminals from accessing your phone number and using it to contact you with fraudulent messages.
As scammers continue developing more sophisticated attacks that exploit both technology and human emotion, staying informed about these tactics remains your strongest defense against becoming a victim.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.