You receive a fake iPhone found message, you don’t have to respond because the scammers’ intent is to steal your Apple ID credentials.
There is a new and sophisticated scam targeting those who have lost an iPhone or had their device stolen. The British National Cyber Security Center raised the alarm after numerous reports from users who, even months after their loss, received apparently official messages announcing the discovery of the phone abroad.
Watch out for the Apple ID. Fraudsters leverage the legitimate hope of finding the mobile phone to make their fraudulent communications more effective, sent with the aim of stealing the Apple ID credentials, the key that allows you to remotely control any associated device. A phenomenon which, according to analysts, is not limited to the United Kingdom: it can affect anyone, anywhere.
Artfully constructed messages. The scam is based on sending messages via iMessage or SMS that at first glance seem genuine. The criminals insert plausible technical details into the text, such as the iPhone model or memory capacity, sufficient to make people believe that the communication really comes from Apple. Inside, a link appears that promises to show the phone’s updated location, but instead leads to a web page disguised as an Apple login portal.
Once credentials are entered, victims unintentionally hand over full access to their account, allowing attackers to hack into the device remotely. The effectiveness of the attack arises precisely from the meticulousness with which it is constructed: every detail is designed to be credible to a worried and, therefore, more vulnerable user.
Objective: Disable the block. Stealing the Apple ID is not only used to access the associated services, but above all to bypass the Activation Lock, the anti-theft system that makes an iPhone unusable for anyone who does not have the owner’s credentials. This block is so well thought out that it prevents any resale on the black market, which is why the only strategy left for criminals is to convince the user to deactivate it themselves.
Phishing is therefore the tool that allows you to transform an effective defense into a weak point through psychological manipulation. To get in touch with the owner, attackers can exploit the SIM inserted in the stolen device or, paradoxically, the “Where is” function. If the user leaves a message on the lock screen hoping for the phone to be found, they unintentionally provide the contact number through which the scammers will contact them.
The Italian variants. In parallel to the British body, our CSIRT (Computer Security Incident Response Team) reported another phishing campaign with similar methods, although not linked to lost iPhones.
In this case the trap arrives via email and concerns an alleged exhaustion of storage space in the mailbox. The message invites you to free the cache via a link that leads, as in the previous case, to a fake login page built to steal credentials. Despite having different objectives, both campaigns show a common trait: the use of social engineering to push the user to act on impulse.
It is precisely this human vulnerability, rather than a technological flaw, that makes such targeted attacks possible. For this reason, knowing the mechanisms of scams and being wary of unexpected messages always remains the most effective defense.
