{“lastseen”:”2025-11-11T14:05:15″,”description”:”One of the reassuring things about owning an iPhone was knowing you could lock it if it got lost or stolen. Without your passcode, fingerprint or face to unlock it, it would be useless to anyone else. \\n\\nNow, though, some phone thieves have found a workaround, not by breaking Apple’s security, but by tricking owners into giving them the keys. \\n\\nThe Swiss National Cyber Security Centre (NCSC) has issued a warning about phishing scams targeting iPhone owners who’ve lost their devices.\\n\\n## Phishing for Apple ID credentials\\n\\nWhen you report an iPhone as lost in Apple\u2019s **Find My** app, you can set a custom lock-screen message that appears on the missing device. Many people include an email address or phone number in that message so a helpful stranger can contact them if the phone turns up.\\n\\nUnfortunately, that\u2019s the very information scammers use to reach you. A thief (or anyone who now has the phone) can see that contact detail on the screen and send you a convincing message\u2014usually by text, iMessage, or email\u2014claiming to have found your device.\\n\\nThe scam messages often include details copied from the phone itself, such as its model and color, to make it sound authentic. It also includes a link to a fake website that mimics the Find My service that Apple operates to locate lost devices. The site will ask for the victim’s Apple ID credentials.\\n\\nIf the victim takes the bait, the thief can use those credentials to gain full access to the phone. That enables them to wipe it, returning it to factory settings for resale.\\n\\nAlthough the NCSC didn’t say so, an enterprising thief could get up to all kinds of other shenanigans. They might reset the user’s Apple ID to lock them out\u2014even on a replacement device, access their photos (yes, including any risqu\u00e9 ones), read their emails and nose through their apps. In short, it would give them carte blanche to your digital life.\\n\\nThese attacks don’t have to happen immediately. The perpetrators might text months after the device has been lost, when victims might have moved on and lowered their guard.\\n\\n## The good news\u2026 and the bad\\n\\nThe warning is both good and bad news. It’s good news because it shows that criminals are apparently unable to bypass Apple’s Activation Lock protection through technical means. The Activation Lock, turned on when you activate Find My, registers a device ID on Apple’s activation servers. Even if the criminals reset your device, the activation lock will still be there. Only someone with the user’s Apple ID credentials can unlock it. It’s a version of something called Factory Reset Protection (FRP) that the US mandated under the US Smart Phone Theft Prevention Act of 2015. Android phones have similar lock functionality.\\n\\nThe warning is bad news because phone owners are human, and humans are often the easiest security system to defeat. Phishing schemes that target phone theft victims are big business. Back in 2017, security reporter Brian Krebs documented \\”phishing as a service\\” platforms that did it at scale, on a subscription basis. Vice found toolkits like ProKit for phishing to unlock phones on sale for around $75.\\n\\nWe’ve already written about how the phone theft industry operates. Police in the UK recently uncovered a network stealing up to 40,000 phones per year. Most were shipped overseas to countries including China, where they would be used as profitably as possible. Locked phones might be broken up for parts, but a phone restored to factory settings that can be activated from scratch is far more valuable.\\n\\n## What to do if your iPhone is stolen\\n\\n**Ignore any messages from \u201cApple\u201d** claiming your lost phone has been found. The NCSC says Apple will never text or email customers about a recovered device.\\n\\nIf you lose your phone, **turn on Lost Mode** right away in**Find My** to lock it and display your contact message. Use a **different contact number or email** (not the one linked to your Apple ID or main phone) so scammers can\u2019t use that information to target you.\\n\\nProtect your SIM, too: enable **PIN protection** immediately, and ask your carrier to **block or replace the SIM** if the phone has been stolen.\\n\\nWe can’t easily stop thieves stealing people’s phones, or control who sees our phones after they leave our hands. But a little forethought now can help you to stop criminals from accessing your digital life or selling your phone on in its current form if it does enter the underground supply chain.\\n\\n* * *\\n\\n**We don ‘t just report on scams\u2014we help detect them**\\n\\nCybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we\u2019ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!”,”published”:”2025-11-11T12:35:27″,”modified”:”2025-11-11T12:35:27″,”type”:”malwarebytes”,”title”:”Stolen iPhones are locked tight, until scammers phish your Apple ID credentials”,”source”:””,”references”:””,”id”:”MALWAREBYTES:07BDBD451ACBCB6C5E1CA53556682F57″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/11\/stolen-iphones-are-locked-tight-until-scammers-phish-your-apple-id-credentials”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-11T14:05:15″,”description”:”One of the reassuring things about owning an iPhone was knowing you could lock it if it got lost or stolen. Without your passcode, fingerprint…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-25664","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n