A new phishing campaign is targeting iPhone owners who have lost their devices, exploiting their hope of recovery to steal Apple ID credentials.
The National Cyber Security Centre (NCSC) has received multiple reports of cases where victims received text messages claiming their lost or stolen iPhones had been found abroad, sometimes months after the devices went missing.
These messages appear to come from Apple and include specific details about the device, such as model, color, and storage capacity, making them look genuine and trustworthy.
The attack works by sending victims a text message or iMessage that claims their iPhone has been located.
To make the scam more convincing, attackers include accurate information about the device that they can read directly from the phone itself.
The message contains a link that supposedly shows the device’s current location but actually redirects to a fake website designed to mimic Apple’s official login page.
.webp "New Phishing Attack Targeting iPhone Owners Who’ve Lost Their Devices 3")
When victims enter their Apple ID and password on this phishing page, they unknowingly hand over complete control of their account to the scammers.
NCSC security analysts noted that these attacks have become increasingly common, with scammers refining their tactics to make the messages more believable.
The phishing pages are carefully designed to display what appears to be the device’s location in the background while requesting login credentials.
.webp "New Phishing Attack Targeting iPhone Owners Who’ve Lost Their Devices 4")
This creates a sense of urgency and legitimacy that can trick even cautious users into entering their information.
Understanding the Activation Lock Bypass
The primary goal behind this phishing campaign is to disable Apple’s Activation Lock, a security feature that permanently connects an iPhone to its owner’s Apple ID.
This lock makes stolen devices completely useless and impossible to resell, as there is no known technical method to bypass it.
Because of this strong protection, social engineering becomes the only realistic option for criminals to unlock and resell stolen iPhones.
The scammers face one major challenge: discovering the phone number of a locked device. While the exact methods remain unclear, security researchers believe attackers use two main approaches.
The first involves accessing the SIM card that was in the phone when it was stolen, provided the owner has not blocked it yet.
The second method exploits Apple’s Find My feature, where owners can display a message on the lock screen with contact details like phone numbers or email addresses for honest finders to reach them.
Unfortunately, this helpful feature becomes a vulnerability when the device falls into criminal hands, providing them with the exact information needed to launch targeted phishing attacks.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
