Scammers have found a new way to prey on iPhone owners, and it starts with a message that looks convincingly like an official Apple alert. These phishing texts mimic the trusted “Find My” service, creating a sense of urgency that pushes users to unknowingly hand over their Apple ID, and with it, access to their most personal data. The scheme is slick, strategic, and surprisingly easy to fall for. So how exactly are these fake alerts fooling even savvy users? Keep reading to find out what’s really happening behind the screen.
Cybercriminals exploit lost-device panic with convincing fake Apple messages
Misplacing your iPhone is unsettling, so when a message pops up claiming your device has been found, it’s natural to cling to a bit of hope. But that moment of relief is exactly what scammers are counting on. A growing phishing scheme is zeroing in on iPhone owners desperate to track down their lost devices, and the Swiss National Cyber Security Centre (NCSC) warns that criminals are now twisting Apple’s own Find My system into a tool for deception. These texts are surprisingly polished, often matching the exact model, color, or storage of the missing phone and insisting it has been discovered.
Under normal circumstances, marking an iPhone as lost lets you display a custom lock-screen message with your contact details. Scammers have learned to exploit this, crafting messages that mimic official Find My alerts to make their impersonation sound credible. One of the fraudulent texts reads:
“We are pleased to inform you that your lost iPhone 14 128GB Midnight has been successfully located. To view its current location, click the link below…”
But the link doesn’t lead to help; it leads to a trap. Victims are sent to a near-perfect counterfeit of Apple’s login page, where entering an Apple ID and password hands scammers the keys to everything. With those details, attackers can shut off Activation Lock, Apple’s critical barrier that keeps stolen phones from being wiped, reused, or resold—turning a stressful situation into a far more damaging one.
Practical tips to avoid falling for Apple ‘Find My’ scams
To avoid falling victim to this sophisticated ‘Find My’ phishing scam, implement the following security measures immediately:
- Never Trust Unsolicited Texts: Be wary of all sudden notifications. Remember, Apple will never contact you via text or direct message regarding the status or location of a lost device.
- Always Use Official Channels: If you need to check the status of a lost device, bypass any external links. Navigate directly to the ‘Find My’ app on another trusted device or log in securely through iCloud.com in your browser.
- Avoid All Embedded Links: Do not click on any hyperlink contained within an unexpected or suspicious text, email, or pop-up claiming to be from Apple Support or the Find My team.
- Enable Two-Factor Authentication (2FA): This is the most critical defense. Activating 2FA will block unauthorized access to your account even if your primary password has been stolen.
- Use a Disposable Contact Email: When activating Lost Mode, set your contact information to a separate email address that is not linked to your primary Apple ID.
- Secure Your SIM Card: Enable a SIM PIN on your device. This prevents criminals from placing your SIM card into another phone to receive verification codes or reset accounts.
- Maintain Security Software: Ensure your operating systems, antivirus software, and Virtual Private Network (VPN) are kept current to better identify and block known malicious websites.
- Take Action After an Attack: If you fall victim to the scam, immediately change your Apple ID password, report the incident to your local law enforcement agency, and notify your bank or credit card provider if payment information was compromised.
Source: Digit.in