The Indian Cybercrime Coordination Centre (I4C) issued an alert regarding a phishing campaign targeting Apple iPhone users who have lost their devices.
Hackers impersonate Apple Support via fraudulent SMS messages with phishing links to steal Apple ID credentials and One-Time Passwords (OTP).
Compromised accounts allow attackers to remove the linked Apple ID from the stolen device, enabling resale or reuse without restrictions.
Users are advised to avoid clicking links in unsolicited SMS messages and to use Apple’s official “Find Devices” service page to trace missing devices.
Detailed Insights:
The phishing campaign exploits the urgency of victims to locate or secure their missing iPhones by sending messages resembling legitimate “Find My iPhone” or Apple Support notifications.
Fraudulent SMS messages are typically sent from numeric headers and claim that the lost device has been temporarily switched off or that urgent action is required to erase data.
The National Cybercrime Threat Analytics Unit of the I4C advises users to carefully check URLs before entering credentials, especially when received via SMS from international SMS Headers.
Once attackers gain unauthorised access, they can resell or reuse the device without restrictions, causing financial loss and potential misuse of personal data.
Iphone scam.png
Key Concepts Involved:
Phishing: A deceptive attempt to obtain sensitive information like usernames, passwords, and credit card details by disguising as a trustworthy entity.
SMS Header: The identifier (name or number) that appears on a mobile phone when a text message is received.
Apple ID: A personal account used to access Apple services like the App Store, iCloud, and iMessage.