Security BUZZ - When Your iPhone Gets Stolen, the Real Theft Hasn't Started Yet

    Posted 2 days ago

    Your iPhone gets stolen. You immediately mark it as lost in Find My iPhone and add a message on the lock screen with your phone number, hoping someone honest will find it. A few weeks later, you get a text: "We found your device! Click here to see its location." Relief floods through you—until you realize you've just walked into a trap.

    Here's what many iPhone owners don't know: a stolen iPhone is essentially a brick. Apple's Activation Lock prevents thieves from resetting or using the phone without your Apple ID and password. This security feature has worked so well that criminals have completely shifted tactics. They're no longer trying to crack Apple's security—they're coming after you instead.

    The scam is straightforward and surprisingly patient. When you mark your phone as lost, the thief can see any contact information you displayed on the lock screen. They'll send you a text or email claiming they found your device, often including convincing details like the phone's model and color—information they can see right on the locked screen. The message includes a link to what appears to be Apple's Find My website.

    But here's the clever part: that website is a perfect replica of Apple's login page. Once you enter your credentials to "locate" your phone, the thief now has everything they need. They can unlock the device, wipe it clean, and sell it. Even worse, they can access your photos, emails, apps—your entire digital life.

    This isn't just opportunistic theft anymore. Security researchers have documented organized "Phishing as a Service" platforms where thieves pay subscription fees—sometimes $40 to $120 per attempt, depending on the iPhone model—to access fake websites and victim-tracking systems. They register domains that look similar to legitimate Apple URLs—like "appleid-verification.com" instead of "apple.com."

    Here's the ironic twist: the fact that these phishing operations exist proves Apple's security actually works.

    Takeaways

    • Know Apple's policies: Apple will never text or email you about a found device. If you get a message claiming your phone was located, it's a scam. Period.
    • Access Find My directly: Don't click links in messages about your stolen phone. Open the Find My app or go directly to iCloud.com yourself if you want to check on your device.
    • Use alternate contact information: When you set up that "if found" message on your lost phone, use a different phone number or email address—not the one tied to your Apple ID. This makes it harder for thieves to target you.
    • Enable two-factor authentication: If you haven't already, turn it on for your Apple ID. This adds another layer of protection, even if someone gets your password.
    • Trust your instincts: If something feels off about a "found phone" message, it probably is. These criminals are banking on your emotional reaction to help them recover your device.

    The technology is sound—the human element remains vulnerable.

    #ALTACyber


    ------------------------------
    Genady Vishnevetsky
    Chief Info Security Officer
    Stewart Title Guaranty Company
    Houston TX
    ------------------------------
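
Added example (not part of the original post): a small Python check of where a link in a "found device" message really points, treating only hosts under apple.com and icloud.com (the sites the post names) as trusted. The function names, verdict labels, brand-keyword heuristic and sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only legitimate sites are the two the post names.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
# Brand words a lookalike domain borrows (heuristic, may over-flag).
BRANDS = tuple(d.split(".")[0] for d in TRUSTED_DOMAINS)


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for a link in a message."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and the port, so
        # https://apple.com@other.example resolves to other.example.
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "untrusted"  # malformed URL

    # Trusted means the exact domain or a true subdomain of it.
    on_trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if on_trusted:
        return "trusted" if parts.scheme == "https" else "untrusted"

    # Brand word anywhere in the authority part, or an internationalized
    # host that could render as a homoglyph of the real name.
    if (any(b in parts.netloc.lower() for b in BRANDS)
            or not host.isascii() or "xn--" in host):
        return "lookalike"
    return "untrusted"


def triage(links):
    """Map each link to its verdict, keeping input order."""
    return [(link, classify_link(link)) for link in links]


# Constructed sample links; only the first lookalike domain is from the post.
SAMPLE_LINKS = [
    "https://www.icloud.com/find",
    "https://appleid-verification.com/login",
    "https://icloud.com.device-located.example/",
    "https://apple.com@device-located.example/",
    "https://example.org/track",
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS):
        print(f"{verdict:10} {link}")
```

A "trusted" verdict only says the host belongs to one of the two listed domains; the post's advice to open Find My or iCloud.com yourself still applies.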