If your iPhone has been lost or stolen, you’d probably be relieved to get it back, even if it is has been weeks or months since you’ve replaced your device. Having your old phone in hand may provide some peace of mind that your data is secure, and if nothing else, you can sell or trade it in or repurpose it for another use.
Unfortunately, you’re pretty unlikely to see your missing iPhone again, but bad actors are hoping you hold out enough hope to fall for a phishing scam promising that your device has been found.
How the lost iPhone scam works
According to a warning from the Swiss National Cyber Security Center, some iPhone owners whose devices were lost or stolen are receiving SMS or iMessage notifications—purportedly from Apple—claiming that their phones have been located. The text messages include specific and accurate details about the missing iPhones, including the model, color, and storage capacity, and direct recipients to click a link to view the device’s location. The message is signed by the “FindMy Support Team.”
Of course, like all phishing schemes, the link is fake. It directs you to a spoofed Apple Find My page with an Apple ID sign-in designed to steal your credentials, which scammers can use to take over your account.
The goal of this scam is to disable Apple’s built-in security feature tying your iPhone to your Apple ID, which prevents malicious actors from erasing and reselling the device. How scammers manage to find your phone number to text you is unclear, though in some cases they may get it from the lock screen message you can enable when you switch your device to Lost Mode. This may be a good reason to put alternative contact information, such as a dedicated email address, in your custom message.
Avoid falling for lost the iPhone scam
If you do receive a message with a link to locate your lost iPhone, ignore it. Apple does not contact users via text or email with updates about found devices. (Of course, if you’ve enabled Lost Mode and someone reaches out claiming they have your device, proceed with caution.) Never click on links in unsolicited communication, as these are common vectors for phishing.
Of course, you should mark your device as lost in Find My to suspend alerts and notifications that appear on your lock screen as well as payment card access. You should also consider preemptively enabling Apple’s Stolen Device Protection, an anti-theft feature that helps prevent thieves from breaking into your iPhone. If your device does go missing, don’t remove it from your Apple account, as doing so disables some security protections.
