If you’ve ever lost your iPhone, you know that sinking feeling—the panic, the hope someone honest will find it, and the relief when Apple’s Find My app offers a chance to track it. But now, cybercriminals are exploiting that exact moment of vulnerability. According to the Swiss National Cyber Security Centre (NCSC), scammers are sending phishing texts claiming your lost iPhone has been found—all to steal your Apple ID credentials.
The scam begins when users activate Lost Mode through Apple’s Find My feature. This allows them to display a custom message on the phone’s lock screen, often including a contact email or phone number for potential finders. However, threat actors are using this information to send targeted SMS or iMessage phishing attempts (smishing). These fraudulent messages appear to come from Apple’s Find My support team, claiming the lost device has been located—sometimes even “abroad.”
The messages are strikingly realistic. They include details like the model, color, and storage capacity of the phone—information that can be retrieved directly from the locked device. For instance, one example shared by NCSC read: “We are pleased to inform you that your lost iPhone 14 128GB Midnight has been successfully located. To view its location, click the link below.”
The link, of course, doesn’t lead to Apple’s genuine Find My page. Instead, it redirects victims to a phishing site that looks identical to Apple’s login portal. Once users enter their Apple ID and password, attackers gain full access to the account, allowing them to remove the Activation Lock—a crucial security feature that ties a device to its owner’s Apple ID and prevents unauthorized use or resale.
This sophisticated attack underscores how cybercriminals exploit emotional moments to manipulate users. “Losing your iPhone is always stressful,” explains the NCSC. “Scammers take advantage of that panic by sending messages that look official, using psychological pressure to make victims act fast.”
The NCSC urges users to stay vigilant and follow essential safety measures:
- Never click links in unsolicited texts or emails, especially if they reference lost devices.
- Access Find My directly through the official Apple website (iCloud.com/find) or the Find My app.
- Use a dedicated contact email if displaying one on a lost phone’s lock screen.
- Keep your SIM card protected with a PIN, and ensure Activation Lock remains active.
- Remember that Apple will never contact you by SMS or email to report a found device.
Conclusion: As phishing campaigns grow more targeted and convincing, vigilance is your best defense. Losing a phone is bad enough—don’t let cybercriminals turn it into a data breach. Always verify messages through official Apple channels and never share your credentials on third-party sites. Your Apple ID is the key to your digital identity—protect it like you would your most valuable possession.
