CT
CyberTimes
🇮🇳 ← Back to Indian Scams
May 12, 2026 · CyberTimes Security Team

How the iPhone Find My Phishing Scam Works and What To Do

Losing an expensive phone is a nightmare, but a sophisticated new iPhone phishing scam India is making it even worse. Criminals who have stolen your physical device are now sending fake "Find My iPhon

TL;DR — 15 Second Read

  • Scammers send fake SMS alerts pretending to be Apple Support to people who have recently lost their iPhones.
  • They trick you into entering your Apple ID and OTP on a fake website to "unlock" your stolen phone for resale.
  • Once they have access, they remove your account from the device, making it impossible for you to track or lock it.
Severity🟠 HIGH
Scam TypeOnline Fraud
ActiveReported
AffectedAny iPhone user in India whose

Losing an expensive phone is a nightmare, but a sophisticated new iPhone phishing scam India is making it even worse. Criminals who have stolen your physical device are now sending fake "Find My iPhone" alerts to trick you into giving up your digital security credentials. Their goal is to bypass Apple's security so they can sell your phone in the second-hand market for thousands of Indian Rupees (₹).

How to Protect Yourself

Step-by-step protection guide

  1. 1Stop and Think: Never click a link in an SMS regarding a lost phone. Apple never sends links to "locate" a device via SMS.
  2. 2Use Official Channels: Only use the official [icloud.com/find](https://icloud.com/find) website or the "Find My" app on another Apple device you own.
  3. 3Block the IMEI: Immediately report your lost phone on the government's CEIR Portal to block it across all networks in India.
  4. 4Contact the Helpline: Report the phishing attempt and the theft to the 1930 helpline or through cybercrime.gov.in.

How the scam works

  1. 1The Theft: Your iPhone is stolen or lost, and ends up in the hands of criminals.
  2. 2The Phishing SMS: You receive a text message that looks like it's from Apple Support or the "Find My" service. It often claims your phone was "found" or that you need to log in to erase your data security for privacy.
  3. 3The Fake Portal: Clicking the link takes you to a counterfeit website that looks exactly like the official iCloud login page.
  4. 4Credential Theft: You are prompted to enter your Apple ID and the One-Time Password (OTP) sent to your other devices.
  5. 5Device Takeover: The attackers use your login to remove the "Activation Lock" and disable "Find My iPhone," effectively handing them full control of the device.

Signs You Are Being Targeted:

- Receiving a "Find My" alert from a standard mobile number instead of an official "AD-APPLE" header.

- Messages that use high-pressure language, such as "Your data will be leaked in 10 minutes" or "Click to locate now."

- A login website URL that looks slightly "off," such as icloud-find-device.com instead of the official icloud.com.

Real-world impact

Beyond the loss of a device worth over ₹70,000, your information security is compromised. If scammers get into your iCloud, they can access your private photos, messages, and saved passwords. This could even lead to them trying to access your bank apps or UPI details if you have stored sensitive info like your Aadhaar details in your notes or emails.

🛡️ Prevention Tips

- Keep Two-Factor Authentication (2FA) active at all times to boost your cyber security.

- Never share your Apple ID password or OTP with anyone, even if they claim to be from "Apple Support" on WhatsApp or a call.

- Maintain strong network security by using a unique password for your Apple account.

- Regularly update your iOS to ensure you have the latest computer security and internet security patches.

- Never remove a lost device from your Apple account; this is exactly what the thieves want you to do.

- Following these simple infosec rules can save your data, even if your phone is gone.

FAQs

Can Apple help me get my phone back if I gave the scammers my OTP?

Once you remove the device from your account, Apple cannot track it or help you lock it again. Act fast to change your password if you think you’ve been tricked.

Why is my "Find My" app showing the phone is offline?

The thieves may have switched it off, but "Find My" can still often show the last known location. Do not let this tempt you into clicking suspicious "update" links.

Is the CEIR portal different from the Apple lock?

Yes. CEIR blocks the phone from using any SIM card in India, while the Apple lock prevents the phone from being used at all. You should use both.

Read Next

How Instagram Crypto Scams in India Work and What You Should Do

Fake Job Offer Scams Targeting Freshers in India: How to Spot the Trap

Fake FedEx/Courier Scam Calls: How the "Digital Arrest" Fraud Works and What to Do

How the Fake OpenAI Download Scam Works and What To Do

Shattering the Sandbox: A Dozen Critical Flaws Hit vm2 Node.js Library

Last updated: May 12, 2026

🇮🇳 ← Back to Indian ScamsAbout CyberTimes