Summary of this article
I4C warns iPhone users about phishing scams targeting lost devices.
Fake SMS links steal Apple ID credentials through imitation iCloud pages.
Users must avoid unknown links and enable strong security features.
Scams in India are growing steadily, with cybercriminals finding new ways to trap people through digital platforms. Recently, a new phishing scam has been seen targeting Apple iPhone users, especially those who have lost their devices.
The Indian Cyber Crime Coordination Centre (I4C), a nodal agency under the Ministry of Home Affairs (MHA), has issued an advisory after identifying a sophisticated phishing campaign targeting Apple iPhone users.
How the Scam Works
The phishing scam works in a planned way where fraudsters first look for users whose Apple iPhones have recently been lost or stolen. These users are then targeted with fake SMS messages that look like they are coming from Apple Support or “Find My Device,” usually using numeric sender IDs and urgent wording.
These messages contain links that take users to fake websites which look very similar to Apple’s official login or iCloud pages. Users are asked to enter their Apple ID details and One-Time Passwords, which are then secretly captured by scammers.
After this, attackers get access to the victim’s iCloud account, remove the linked Apple ID from the device, and also turn off security features like Find My iPhone. This allows them to misuse or even resell the device.
How You Can Protect Yourself
Users should remain cautious while handling messages related to lost or stolen devices. They are advised to avoid clicking on links received via SMS from unknown or international numbers and to carefully verify website URLs before entering any login details. OTPs should never be shared with anyone or entered on unverified platforms, as these are commonly used to steal account access.
I4C has also advised iPhone users to rely on Apple’s official Find Devices service through iCloud and ensure that Find My iPhone remains enabled. Users are further encouraged to activate Two-Factor Authentication, use strong passwords, and keep their devices updated with the latest security patches. Any suspicious activity or phishing attempt should be reported on the national cybercrime portal or via the helpline number 1930.
