I4C Warns of Phishing Scam Targeting Lost iPhone Users

Key Takeaways

• Scammers send fake Apple Support SMS messages to users who lost their iPhones, redirecting them to counterfeit login pages
• Once attackers get your Apple ID and OTP, they can remove Activation Lock from stolen devices
• Apple never sends SMS links asking for login credentials. Use only the official Find My app or iCloud website

The Scam: Fake Apple Support Messages

India's National Cybercrime Threat Analytics Unit, part of the Indian Cybercrime Coordination Centre (I4C), issued an advisory on Saturday warning iPhone users about a sophisticated phishing campaign. The scam specifically targets people whose devices have been lost or stolen.

Here's how it works: fraudsters send SMS messages that look like legitimate Apple Support notifications. These messages typically reference 'Find My iPhone' and contain links to fake Apple login pages. The pages are designed to steal your Apple ID credentials and One-Time Passwords.

"Fraudsters are exploiting the urgency and emotional distress of users who have lost their devices by masquerading as Apple's official security services," said an I4C official.

The timing is deliberate. Someone who just lost an expensive iPhone is anxious, distracted, and more likely to click a link without scrutinizing it. The scammers count on that panic.

What Happens After You Click

Once attackers have your Apple ID and OTP, they gain full access to your iCloud account. The real goal: removing the linked Apple ID from your stolen device.

This is where physical theft meets digital fraud. Modern iPhones have Activation Lock, which ties a device to your Apple ID. Even if someone steals your phone, they can't wipe and resell it without your credentials. By phishing your login details, scammers bypass this protection entirely. Your stolen iPhone becomes a clean, resellable device.

The I4C advisory noted that many of these phishing messages come from international SMS headers, which should be a red flag.

How to Protect Yourself

The I4C's guidance is straightforward:

• Never click links in SMS messages claiming to be from Apple, especially from international numbers
• Check URLs carefully before entering any credentials
• Use only Apple's official 'Find Devices' service at iCloud.com or the Find My app on another Apple device
• Report suspicious messages to the national cybercrime helpline at 1930

A critical point that discussions on r/apple and cybersecurity forums emphasize: Apple does not initiate contact via SMS with login links. Ever. If you receive a text asking you to sign in through a link, it's a scam.

Why This Scam Works

The psychology here is simple. You've just lost a device worth Rs 80,000 or more. A message arrives saying your iPhone has been located. You want it to be real. That hope overrides caution.

The fake pages are convincing. They replicate Apple's design language, use similar URLs, and even include fake security prompts asking for OTPs. Unless you're actively looking for red flags, they pass inspection.

The video above breaks down how these fake Apple Support pages are constructed and what details give them away.

The Bigger Picture

This represents a "hybrid" threat model that security researchers have been tracking. Physical theft is paired with social engineering to maximize the value of stolen devices. The phone thief may not be the same person running the phishing operation. There's often a supply chain: one group steals phones, another runs credential harvesting, and a third handles resale.

For users, the lesson is consistent. Verify everything through official channels. If you lose your iPhone, go directly to iCloud.com or use Find My on a trusted device. Don't trust any link that comes to you, no matter how urgent it sounds.

Frequently Asked Questions

Does Apple send SMS messages about lost iPhones?

No. Apple does not send SMS messages with links asking you to log in. All legitimate Find My notifications come through the app or iCloud, not text messages.

What should I do if I clicked a suspicious link and entered my Apple ID?

Immediately change your Apple ID password at appleid.apple.com, enable two-factor authentication if not already active, and check your account for unauthorized devices. Report the incident to 1930.

How can scammers send messages that look like they're from Apple?

SMS spoofing allows senders to change the displayed sender name. The message may say "Apple" but actually originates from a random number. Always check the actual sending number.

Can I recover my iPhone if scammers already removed my Apple ID?

Once your Apple ID is removed from a device, you lose the ability to track or lock it remotely. File a police report and report the theft to Apple through official channels, but recovery becomes unlikely.

Where do I report iPhone phishing scams in India?

Call the national cybercrime helpline at 1930 or file a complaint at cybercrime.gov.in.

Source: Tech-Economic Times / ET