Fake “Find My” Alerts Steal Apple IDs on Lost Devices
Cybercriminals are exploiting Apple’s Find My ecosystem in a new phishing campaign designed to steal Apple ID credentials from users who have recently marked their devices as lost. The scheme uses highly convincing SMS messages that claim a missing iPhone has been located, complete with a link that appears to come from Apple’s official device-recovery system.
Once the victim taps the link, they are taken to a fake iCloud login page crafted to mimic Apple’s website with near-perfect accuracy. Users are then prompted to enter their Apple ID and password—credentials that attackers immediately use to perform full account takeovers.
With unauthorized access, criminals can:
- Disable Activation Lock, allowing stolen iPhones to be reused or resold
- Erase the device remotely
- Access iCloud-stored data including photos, backups, and messages
- View location history and ongoing device tracking
- Use saved payment methods for fraudulent purchases
Security researchers warn that the scam is effective because attackers time the messages shortly after a device is reported lost, increasing the likelihood that victims trust the alert. This demonstrates a growing trend of context-aware phishing, where scammers rely on real-world events to socially engineer their targets.
Apple advises users never to trust “Found Device” alerts sent via SMS or email, and to verify all device-recovery information directly through the Find My app or by visiting iCloud.com manually. Users are also encouraged to enable two-factor authentication and review account-recovery settings to reduce the impact of credential theft.
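The sketch below is an added illustration, not code from Apple or from the reports cited here. It shows how a mail or SMS filter could triage a "found device" message by checking where its link actually points. The domain allowlist, the lure keywords and the sample messages are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumption: only these registrable domains count as Apple-operated here.
APPLE_DOMAINS = ("apple.com", "icloud.com")
# Assumption: wording typical of a "found device" lure; tune for real traffic.
LURE = re.compile(r"\b(find\s*my|lost|found|located|missing)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)


def is_apple_host(url):
    """True only if the URL's real host is an Apple domain or a subdomain of one."""
    try:
        # .hostname drops any "user@" prefix and the port, so a link such as
        # https://icloud.com@other.host/ resolves to other.host.
        host = urlsplit(url).hostname or ""
    except ValueError:
        return False
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)


def triage_sms(text):
    """Return (verdict, links); verdict is 'suspicious', 'review' or 'clean'."""
    links = [u.rstrip(".,)") for u in URL.findall(text)]
    off_domain = [u for u in links if not is_apple_host(u)]
    if LURE.search(text) and off_domain:
        return "suspicious", off_domain
    if LURE.search(text) and links:
        # Even an Apple-hosted link in an SMS should be checked in the Find My app.
        return "review", links
    return "clean", []


# Constructed sample messages using reserved example domains.
SAMPLES = [
    "Your lost iPhone has been located. View: https://icloud.com.device-located.example/signin",
    "Apple: your missing iPhone was found. Sign in https://icloud.com@login.example.net/find",
    "Your Find My request: https://www.icloud.com/find",
    "Lunch at 12? Menu at https://example.org/menu",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage_sms(msg)[0], "|", msg)
```

A "review" verdict is deliberate: a link on a genuine Apple domain still arrives over a channel the advice above says not to trust.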
References
- Tom’s Guide – “That text claiming to have found your lost iPhone could actually be from scammers”
- Malwarebytes – “Stolen iPhones are locked tight, until scammers phish your Apple ID credentials”
- TechRepublic – “Lost your iPhone? Beware fake ‘Find My’ messages aiming to steal your Apple ID”