- Victims are urged to click a link leading to a convincing “Find My iPhone” phishing website and prompted to enter their Apple ID credentials.
- If compromised, this sensitive information allows attackers to disable Apple’s Activation Lock—a security feature that otherwise prevents a stolen iPhone from being reactivated by unauthorised users.
The Swiss National Cyber Security Centre (NCSC) has issued an urgent warning after uncovering a new wave of social engineering attacks that exploit the hopes of iPhone theft victims.
The campaign, which merges finely targeted phishing with detailed device information, poses serious risks to Apple customers and highlights ongoing vulnerabilities in device security and user response.
Anatomy of the scam
According to NCSC, individuals whose iPhones were lost or stolen—sometimes months earlier—have reported receiving convincing text messages, including iMessages, purporting to be from Apple.
These messages offer hope, claiming that the missing device has been found abroad and citing specific details such as the device’s model, colour, and storage capacity to add credibility.
Victims are urged to click a link leading to a convincing “Find My iPhone” phishing website and prompted to enter their Apple ID credentials. If compromised, this sensitive information allows attackers to disable Apple’s Activation Lock—a security feature that otherwise prevents a stolen iPhone from being reactivated by unauthorised users.
Strategic impact
The real value here for cybercriminals is not just data theft. As the NCSC explains, bypassing Activation Lock has long been a barrier to profiting from stolen Apple devices. With no known technical method to circumvent this lock, threat actors are resorting to highly targeted, psychologically manipulative tactics to trick victims into helping them unlock the devices themselves.
What remains unclear is how perpetrators are obtaining phone numbers for recently lost or stolen iPhones. Possible vectors include unblocked SIM cards or inadvertent disclosure by device owners.
“In the digital age, device loss is increasingly intertwined with identity risk,” said a Swiss NCSC spokesperson. “Attackers are leveraging not just technology but also the emotions of victims—offering hope and exploiting trust to circumvent robust security features.”
The NCSC advises anyone who has lost a device to be highly sceptical of unsolicited messages regarding its recovery and never to enter Apple ID credentials outside official Apple domains.
The incident spotlights the persistent challenge for organisations and individuals alike: social engineering remains one of the most effective routes for cybercriminals, especially when protections like Activation Lock make physical theft less lucrative.
For businesses with high-value data on mobile devices, employee education and rapid SIM deactivation remain key parts of incident response.
Discover more from TechChannel News
Subscribe to get the latest posts sent to your email.
