The phishing scam sends realistic texts claiming a lost iPhone has been located, with model and color details.
Clicking the fake link leads to a counterfeit Apple login page, giving scammers access to your Apple ID and device.
Stay safe by using only official Apple channels, enabling two-factor authentication, and never clicking links in unsolicited messages.
Losing your iPhone is stressful enough, but getting a text saying it’s been found might sound like a relief at first glance; however, that’s not always the case. A new phishing scam has been reported targeting iPhone users who are desperate to recover their lost devices. The Swiss National Cyber Security Centre (NCSC) says scammers are now exploiting Apple’s Find My feature to trick victims into handing over their Apple ID details. These messages look convincing, often mention the right model, colour, or storage of your phone, and claim your missing iPhone has been located.
But once you tap the link, you’re redirected to a fake Apple login page, giving scammers access to your account and device.
How the scam works
When you mark your iPhone as lost, you can display a message on the lock screen with your contact details. Scammers are using this to make their texts sound believable, pretending to be from Apple’s Find My team. One of the fake messages reads:
“We are pleased to inform you that your lost iPhone 14 128GB Midnight has been successfully located. To view its current location, click the link below…”
Clicking the link takes you to a page that looks exactly like Apple’s official site, but it’s a trap. Once you enter your Apple ID and password, scammers can remove Activation Lock, Apple’s main protection that prevents stolen devices from being reused or sold.
Ignore suspicious messages. Apple will never text or message you about a lost device.
Use official channels only: Check your phone’s status via the Find My app or directly on iCloud.com.
Don’t share your Apple ID credentials or click on links in unsolicited messages.
Use a separate email on your lock screen instead of your main Apple ID address.
Turn on two-factor authentication and enable a SIM PIN for extra protection.
Keep your antivirus and VPN updated to guard against phishing attempts.
If you’re targeted, file a police report, block your device via the CEIR portal (ceir.gov.in), and report the incident on the National Cyber Crime Reporting Portal.
Himani Jha is a tech news writer at Digit. Passionate about smartphones and consumer technology, she has contributed to leading publications such as Times Network, Gadgets 360, and Hindustan Times Tech for the past five years. When not immersed in gadgets, she enjoys exploring the vibrant culinary scene, discovering new cafes and restaurants, and indulging in her love for fine literature and timeless music.