iPhone owners who have lost their device are being targeted by a deceptive phishing scam, according to a warning issued by the Swiss National Cyber Security Centre (NCSC). This attack preys on the hope of recovering a missing phone, using information readily available on the locked device to make the message appear highly authentic. Owners who have lost their iPhone can use Apple’s Find My app to set a custom message that appears on the lock screen, often including an email address or phone number so a finder can contact them. Threat actors are now exploiting this public contact information to initiate their credential-stealing operation.
Scammers are using the contact information displayed on the lost iPhone to send targeted phishing texts, or “smishing,” via SMS or iMessage. These fraudulent messages claim to be from Apple’s Find My team and assure the anxious owner that their phone has been located. The NCSC highlights that losing an iPhone causes significant stress due to the loss of both the device and potential access to personal data, and this emotional state is exactly what the attackers are trying to exploit. Rather than hearing from an honest finder, the owner hears from scammers who turn that hope of recovery against them.
What makes this particular scam so convincing is the level of detail included in the phishing message. The attackers can extract specific information directly from the locked device, such as its model, color, and storage capacity, which they then insert into the text. For instance, a victim might receive a message reading, “We are pleased to inform you that your lost iPhone 14 128GB Midnight has been successfully located.” The message also projects urgency and legitimacy by adding a disclaimer: “If you did not initiate a lost device report or believe this message was sent in error, please disregard it or contact our support team immediately.”
The main goal of the scam is to drive the victim to a fraudulent link provided within the text. The phishing message urges the user to click a link to view the alleged current location of their found device. Though it appears to be an official Find My website, the link actually redirects to a meticulously crafted phishing page. This page is designed to mimic the appearance of Apple’s official Find My login prompt, thereby establishing a high degree of false trust.
When a victim, believing they are logging in to the real Apple service, enters their Apple ID and password, those sensitive credentials are immediately transmitted to the attackers. This action effectively grants the scammers full, unauthorized access to the victim’s Apple account, which holds a wealth of personal and financial information. The NCSC’s warning underscores the critical importance of scrutinizing any message about a lost device, especially those that request login information.
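One way to scrutinize the link in such a message is to check which host it actually points to before anyone signs in. The following is an added example, not part of the NCSC warning: the Apple domain list is an assumption, and the sample message combines the wording quoted above with a constructed link on a reserved example domain.

```python
import re
from urllib.parse import urlsplit

# Assumption: genuine Apple sign-in pages live under these registrable domains.
APPLE_DOMAINS = ("apple.com", "icloud.com")
BRAND_WORDS = ("apple", "icloud", "findmy")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: quoted lure text from the article plus a made-up link.
SAMPLE = ("We are pleased to inform you that your lost iPhone 14 128GB Midnight "
          "has been successfully located. View location: "
          "https://icloud.com.findmy-locate.example.net/signin.")

def host_of(url):
    """Hostname the browser would contact (lowercased, userinfo before '@' ignored)."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. broken IPv6 brackets
        return ""
    return host.rstrip(".")

def is_apple_host(host):
    """True only for an Apple domain itself or a dot-separated subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)

def triage(message):
    """Return (url, host, verdict) for every link found in a message body."""
    results = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,;:!?)")  # drop sentence punctuation glued to the link
        host = host_of(url)
        if is_apple_host(host):
            verdict = "apple-domain"
        elif "xn--" in host:
            verdict = "suspicious: punycode host"
        elif any(word in host for word in BRAND_WORDS):
            verdict = "suspicious: brand name in non-Apple host"
        else:
            verdict = "not-apple"
        results.append((url, host, verdict))
    return results

if __name__ == "__main__":
    for url, host, verdict in triage(SAMPLE):
        print(f"{host}: {verdict}")
```

An "apple-domain" verdict only says the host belongs to the allowlist; opening Find My by typing the address or using the app avoids relying on any link in a message.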