Week 44: Lost iPhone – the phishing trap that follows

04.11.2025 - The NCSC has received reports of cases where iPhone owners have received a text message claiming that their lost or stolen device has been found abroad, months after it went missing. While such messages offer the hope of getting your phone back, they are in fact a targeted attempt to steal your Apple ID credentials. This week's review examines how these scams work in more detail.

Losing your iPhone is always annoying. Not only is the device gone, but your personal data may also be lost. Once the initial panic has passed, most people are left hoping that someone honest will find it. But if scammers have your phone, they may try to exploit this hope. They send text messages or iMessages that appear to come from Apple, claiming that the lost iPhone has been found abroad. To make the messages look convincing, they include accurate details of the missing device – such as its model, colour and storage capacity – which the scammers can read directly from the phone itself. The message contains a link that supposedly shows the device's location, but it actually leads to a fake website designed to look like Apple's official login page. If you enter your Apple ID and password on this fake website, you are giving the scammers full control of your account.

Scam SMS pretending to come from Apple and containing a link.
Phishing page that asks for Apple ID access data and shows the alleged location of the lost iPhone in the background.

How the scam works

The scammers' real goal is to remove the Activation Lock. This Apple security feature permanently links an iPhone to its owner's Apple ID, rendering the device useless and unsellable to thieves. As there is no known way to bypass this lock, tricking the owner through social engineering is the only realistic option for criminals. It is difficult to find out the phone number of a locked device – how the scammers do this, we do not know. One possibility is via the SIM card that was in the phone at the time of theft or loss, provided it hasn't been blocked yet. Another possible route is via Apple's Find My feature: when a device is marked as lost, the owner can display a message on the lock screen containing contact details, such as a phone number or email address. This can be very helpful if the finder is honest – but in dishonest hands, the same information can be used to launch a targeted phishing attack.

Recommendations

  • Ignore such messages. The most important rule is: Apple will never contact you by text message or email to inform you that a lost device has been found.
  • Never click on links in unsolicited messages or enter your Apple ID credentials on a linked website.
  • If you lose your device, act immediately: enable Lost Mode straight away via the Find My app on another device or at iCloud.com/find. This will lock the device.
  • Be careful about which contact details you show on your lost device's lock screen. For example, use a dedicated email address created specifically for this purpose. Never remove the device from your Apple account, as this would disable the Activation Lock.
  • Make sure your SIM card is protected with a PIN. This simple yet effective measure prevents criminals from gaining access to your phone number.
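
The link check behind the second recommendation can be automated for message triage, for example at a help desk. The following Python sketch is an added example, not NCSC or Apple code: the trusted-host list, the lure keywords and the sample messages are assumptions constructed for illustration, and the `.example` hosts are placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts where an Apple ID sign-in is expected. The advisory
# itself names only iCloud.com/find; extend the tuple to suit your policy.
TRUSTED_SUFFIXES = ("apple.com", "icloud.com")
# Wording typical of the lure described above (constructed list).
LURE_WORDS = ("iphone", "find my", "lost", "found", "located")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_host(url):
    """Host the browser would connect to (userinfo and port stripped)."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed netloc, e.g. broken IPv6 brackets
        return ""
    return host.rstrip(".").lower()

def is_trusted(host):
    """True only for a trusted domain itself or a true subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def triage(message):
    """Return (verdict, untrusted_hosts) for one SMS/iMessage body."""
    hosts = [link_host(u) for u in URL_RE.findall(message)]
    untrusted = [h for h in hosts if not is_trusted(h)]
    lure = any(w in message.lower() for w in LURE_WORDS)
    if untrusted and lure:
        return "suspicious", untrusted
    if untrusted:
        return "untrusted-link", untrusted
    return "ok", []

# Constructed sample messages; the .example hosts are placeholders.
SAMPLES = [
    "Your lost iPhone 14 Blue 128GB has been located. View location: "
    "https://icloud.com.device-located.example/find",
    "Apple: your iPhone was found. Sign in: https://apple.com@findmy-map.example/id",
    "Reminder: enable Lost Mode at https://www.icloud.com/find",
    "Parcel waiting: http://tracking.example/p/123",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text), "<-", text[:40])
```

A verdict of `ok` only means every link points at an allowlisted host; it says nothing about who sent the message.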

Last modification 04.11.2025


https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2025/wochenrueckblick_44.html