The Swiss National Cyber Security Centre (NCSC) has issued a warning regarding a sophisticated phishing campaign targeting iPhone owners who have lost their devices. The scam aims to steal Apple ID credentials by deceiving victims into believing their missing phone has been recovered, ultimately enabling attackers to disable critical security features.
Reports indicate that victims receive convincing text messages or iMessages, often months after their iPhone went missing, claiming the device has been found—frequently abroad. These messages often include accurate details like the phone’s model, color, and storage capacity, information that attackers can glean directly from the lost device. A link within the message directs users to a fraudulent website, meticulously designed to mimic Apple’s official login portal, where entering credentials grants attackers control over the victim’s Apple ID.
The primary objective of these attackers is to bypass or remove the Activation Lock, a robust security measure from Apple that permanently links an iPhone to its owner’s Apple ID. This feature is crucial in deterring theft by rendering a device unusable and unsellable to unauthorized individuals, as there is no known technical method to circumvent it without the original owner’s credentials. Social engineering, therefore, becomes the only viable path for criminals seeking to profit from stolen devices.
While the exact methods for obtaining a lost device owner’s contact information remain somewhat obscure, the NCSC suggests several possibilities. Attackers may retrieve phone numbers from unblocked SIM cards present in the lost phone. Alternatively, the Find My feature, which allows owners to display contact details on a lost device’s lock screen, can inadvertently provide criminals with the necessary information to launch a targeted phishing attack.
To counter these threats, the NCSC advises iPhone users to exercise extreme caution. Crucially, Apple will never notify users via text message or email about a found device. Users should never click on links in unsolicited messages or input their Apple ID details on linked websites. In the event of a lost device, activating Lost Mode immediately via the Find My app or iCloud.com/find is paramount, and care should be taken with contact information displayed on the lock screen, perhaps by using a dedicated email address. Protecting the SIM card with a PIN and never removing the device from an Apple account, which would disable Activation Lock, are additional vital safeguards.
Remaining vigilant against social engineering tactics that exploit common anxieties, such as the loss of a personal device, is essential for maintaining digital security.