MHA warns of a phishing campaign targeting users of lost or stolen iPhones

ByTech Word News

Posing as Apple support, hackers exploit victims’ urgency to locate or secure their missing devices through fraudulent SMS messages containing phishing links. Image used for representational purposes only. | Photo credit: Reuters

India’s Cyber ​​Crime Coordination Center (I4C) under the Ministry of Home Affairs (MHA) has identified a sophisticated phishing campaign targeting Apple iPhone users whose devices have been lost or stolen, according to an advisory issued by the agency.

Posing as Apple support, hackers exploit victims’ urgency to locate or secure their missing devices through fraudulent SMS messages containing phishing links.

“These messages closely resemble legitimate ‘Find My iPhone’ or Apple Support notifications and redirect users to fake Apple login pages designed to steal Apple ID credentials and one-time passwords (OTPs). Once compromised, attackers gain unauthorized access to victims’ accounts and remove the linked Apple ID from the stolen device,” the alert said.

The national cybercrime threat analysis unit I4C asked those affected to “not click on links received via SMS (especially from international SMS headers) or spam messages and to check the URL carefully before entering login details.”

It added that criminals in possession of stolen iPhones are targeting device owners through fraudulent means.

Fraudulent SMS are usually sent from number headers. “These messages contain phishing links and usually claim that the lost device has been temporarily turned off or that urgent action is needed to erase contacts, media and other data. When victims click on the phishing link, they are redirected to a fraudulent website designed to resemble the official Apple Support or iCloud login page. Phishing domains often use deceptive naming conventions to appear legitimate,” it said.

Victims are then prompted to enter their Apple ID credentials followed by a one-time password (OTP) or two-factor authentication code sent by Apple.

“Once the credentials and OTP are obtained, the perpetrators gain unauthorized access to the victim’s iCloud account, remove the Apple ID linked from the stolen device, disable the ‘Find My iPhone’ feature, bypass security features, and sell or reuse the device without restrictions,” the alert added.

He urged users to use Apple’s official “Find my Device” page to locate the missing device.

Published – 23 May 2026 22:25 IST