New iPhone Scam Steals Apple ID

Palo,Alto,,Ca,,Usa,-,Apr,26,,2022:,Closeup,Of

A sophisticated new scam exploits Apple’s trusted “Find My” feature to trick iPhone owners into surrendering their devices and Apple ID credentials.

Story Highlights

Scammers abuse Apple’s “Find My” feature to display fake lost-device messages on lock screens with phishing links
Criminals time attacks to target new iPhone buyers during vulnerable activation periods
Switzerland’s National Cyber Security Center issued urgent warnings about the escalating threat
Victims lose complete access to devices, Apple ID accounts, and connected services like iCloud

Apple’s Security Feature Weaponized Against Users

Switzerland’s National Cyber Security Center exposed how criminals exploit Apple’s “Find My” network to launch targeted phishing attacks. Scammers mark stolen or found iPhones as lost, then display fraudulent contact messages on lock screens containing malicious links. When victims click these links and enter their Apple ID credentials to “recover” their device, criminals gain complete control over their accounts and connected services.

Holiday Shopping Season Creates Prime Targeting Window

The scam deliberately targets new iPhone purchasers during activation periods when users expect legitimate carrier communications. Cybersecurity expert Kurt Knutsson describes the operation as “alarmingly sneaky,” noting how scammers mimic official carrier language in timed calls. This timing exploitation makes the fraud particularly effective, as victims assume contact attempts are part of normal setup procedures rather than criminal activity.

Expanding Threat Landscape Beyond iPhone Users

The “Find My” exploitation represents part of a broader mobile device scam ecosystem affecting both iOS and Android users. Criminals use similar social engineering tactics on Android devices through fake Google search advertisements leading to remote access tools. These parallel attacks demonstrate how criminals systematically abuse legitimate tech features across platforms to steal personal data and financial information.

Watch:

Security experts emphasize that Apple never initiates contact through text messages or emails about lost devices. The NCSC recommends users ignore suspicious messages entirely and protect SIM cards with PIN codes. McAfee security researchers note that without Apple ID credentials, the scam becomes ineffective, making credential protection the primary defense against these attacks.