I4C Warns of Phishing Scam Targeting Lost iPhone Users
Key Takeaways
- Scammers send fake Apple Support SMS messages to users who lost their iPhones, redirecting them to counterfeit login pages
- Once attackers get your Apple ID and OTP, they can remove Activation Lock from stolen devices
- Apple never sends SMS links asking for login credentials. Use only the official Find My app or iCloud website
The Scam: Fake Apple Support Messages
India's National Cybercrime Threat Analytics Unit, part of the Indian Cybercrime Coordination Centre (I4C), issued an advisory on Saturday warning iPhone users about a sophisticated phishing campaign. The scam specifically targets people whose devices have been lost or stolen.
Here's how it works: fraudsters send SMS messages that look like legitimate Apple Support notifications. These messages typically reference 'Find My iPhone' and contain links to fake Apple login pages. The pages are designed to steal your Apple ID credentials and One-Time Passwords.
"Fraudsters are exploiting the urgency and emotional distress of users who have lost their devices by masquerading as Apple's official security services," said an I4C official.
The timing is deliberate. Someone who just lost an expensive iPhone is anxious, distracted, and more likely to click a link without scrutinizing it. The scammers count on that panic.
What Happens After You Click
Once attackers have your Apple ID and OTP, they gain full access to your iCloud account. The real goal: removing the linked Apple ID from your stolen device.
This is where physical theft meets digital fraud. Modern iPhones have Activation Lock, which ties a device to your Apple ID. Even if someone steals your phone, they can't wipe and resell it without your credentials. By phishing your login details, scammers bypass this protection entirely. Your stolen iPhone becomes a clean, resellable device.
The I4C advisory noted that many of these phishing messages come from international SMS headers, which should be a red flag.
How to Protect Yourself
The I4C's guidance is straightforward:
- Never click links in SMS messages claiming to be from Apple, especially from international numbers
- Check URLs carefully before entering any credentials
- Use only Apple's official 'Find Devices' service at iCloud.com or the Find My app on another Apple device
- Report suspicious messages to the national cybercrime helpline at 1930
A critical point that discussions on r/apple and cybersecurity forums emphasize: Apple does not initiate contact via SMS with login links. Ever. If you receive a text asking you to sign in through a link, it's a scam.
Why This Scam Works
The psychology here is simple. You've just lost a device worth Rs 80,000 or more. A message arrives saying your iPhone has been located. You want it to be real. That hope overrides caution.
The fake pages are convincing. They replicate Apple's design language, use similar URLs, and even include fake security prompts asking for OTPs. Unless you're actively looking for red flags, they pass inspection.
The video above breaks down how these fake Apple Support pages are constructed and what details give them away.
The Bigger Picture
This represents a "hybrid" threat model that security researchers have been tracking. Physical theft is paired with social engineering to maximize the value of stolen devices. The phone thief may not be the same person running the phishing operation. There's often a supply chain: one group steals phones, another runs credential harvesting, and a third handles resale.
For users, the lesson is consistent. Verify everything through official channels. If you lose your iPhone, go directly to iCloud.com or use Find My on a trusted device. Don't trust any link that comes to you, no matter how urgent it sounds.
Logicity's Take
Frequently Asked Questions
Does Apple send SMS messages about lost iPhones?
No. Apple does not send SMS messages with links asking you to log in. All legitimate Find My notifications come through the app or iCloud, not text messages.
What should I do if I clicked a suspicious link and entered my Apple ID?
Immediately change your Apple ID password at appleid.apple.com, enable two-factor authentication if not already active, and check your account for unauthorized devices. Report the incident to 1930.
How can scammers send messages that look like they're from Apple?
SMS spoofing allows senders to change the displayed sender name. The message may say "Apple" but actually originates from a random number. Always check the actual sending number.
Can I recover my iPhone if scammers already removed my Apple ID?
Once your Apple ID is removed from a device, you lose the ability to track or lock it remotely. File a police report and report the theft to Apple through official channels, but recovery becomes unlikely.
Where do I report iPhone phishing scams in India?
Call the national cybercrime helpline at 1930 or file a complaint at cybercrime.gov.in.
Need Help Implementing This?
Source: Tech-Economic Times / ET
Manaal Khan
Tech & Innovation Writer
Related Articles
Browse all
Robotaxi Companies Are Hiding How Often Humans Take the Wheel
Autonomous vehicle firms like Waymo and Tesla are under scrutiny for refusing to disclose how often remote operators step in to control their self-driving cars. A Senate investigation reveals major gaps in transparency, raising safety and accountability concerns.
Wisconsin Governor Throws a Wrench in Age Verification Plans
Wisconsin Governor Tony Evers has vetoed a bill that would have required residents to verify their age before accessing adult content online, citing concerns over privacy and data security. This move comes as several other states have already implemented similar age check requirements. The veto has significant implications for the future of online age verification.
Apple's App Store Empire Under Siege: The Battle for the Future of Tech
The long-running feud between Apple and Epic Games has reached a boiling point, with Apple preparing to take its case to the Supreme Court. The tech giant is fighting to maintain control over its App Store, while Epic Games is pushing for more freedom for developers. The outcome could have far-reaching implications for the entire tech industry.
Tesla's Remote Parking Feature: The Investigation That Didn't Quite Park Itself
The US auto safety regulators have closed their investigation into Tesla's remote parking feature, but what does this mean for the future of autonomous driving? We dive into the details of the investigation and what it reveals about the technology. The National Highway Traffic Safety Administration found that crashes were rare and minor, but the investigation's closure doesn't necessarily mean the feature is completely safe.
Also Read
E-Ink Devices Go Beyond eReaders: Phones, Tablets, and Monitors
E-Ink technology has expanded far beyond Kindle-style book readers into smartphones, Android tablets, and desktop monitors. New devices like the Minimal Phone and Boox Palma 2 offer paper-like screens that reduce eye strain and phone addiction, while color E-Ink tablets now run full Android with Play Store access.
5 Netflix War Movies Worth Your Time This Memorial Day
Netflix offers a solid lineup of war films for Memorial Day viewing. From Denzel Washington's Oscar-winning turn in Glory to Spike Lee's Vietnam treasure hunt Da 5 Bloods, these picks balance combat action with genuine character study.
Why DVDs Still Belong in Your Homelab Backup Strategy
Hard drives fail. SSDs lose data when unpowered. Cloud providers can lock you out. A growing homelab movement is turning to optical media as the ultimate cold storage solution, and the math actually makes sense.