India’s cybersecurity agencies have issued a high-level alert over a fast-spreading phishing campaign targeting iPhone users, particularly those who have lost their devices or had them stolen. The warning highlights how cybercriminals are exploiting panic and urgency to steal Apple ID credentials through fake SMS messages.
How the phishing scam works
The Indian Cybercrime Coordination Centre (I4C), operating under the Ministry of Home Affairs, stated in its advisory that attackers are sending fraudulent messages impersonating Apple Support or “Find My iPhone” services. These messages claim that the missing device has been located or requires urgent action to secure personal data.
The SMS messages contain malicious links that redirect users to fake Apple login pages designed to capture Apple ID credentials and one-time passwords (OTP). Once victims enter their details, attackers gain full access to their iCloud accounts and can disable security features such as “Find My iPhone.”
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
Device takeover, resale and psychological manipulation
Officials warned that after gaining access, attackers remove the device from the victim’s Apple account, reset security settings, and make the stolen phone usable for resale or reuse. These fake websites are carefully designed to closely resemble official Apple interfaces, making detection extremely difficult for ordinary users.
According to the advisory, these fraudulent SMS messages are typically sent using numeric or international headers. They often include alarming language such as claims that the user’s data will be deleted or that immediate verification is required to prevent account suspension.
Cyber experts note that this entire operation relies heavily on psychological manipulation. Victims who have recently lost their phones are already under stress, making them more likely to act quickly without verifying the authenticity of the message.
Device takeover, resale and psychological manipulation
Authorities have urged users not to click on any unsolicited SMS links, especially those claiming to be related to Apple or device recovery services. They also advised users to carefully inspect URLs before entering any credentials and to rely only on official platforms.
The official Apple device tracking service is available only through https://www.icloud.com/find, and users are strongly advised to bookmark this link and avoid any third-party or redirected URLs.
Cybersecurity experts describe this as a growing trend in targeted phishing, where attackers focus on individuals in vulnerable situations. Such campaigns use professionally designed fake websites and messages, making it increasingly difficult for users to identify fraud.
Renowned cybercrime expert and former IPS officer Prof. Triveni Singh stated that such attacks are becoming more organized and technologically advanced. He said cybercriminals are now using AI and automation tools to generate convincing fake login pages, multilingual SMS templates, and realistic brand impersonations, significantly increasing the success rate of phishing attempts.
He further warned that even a single click on a malicious link can compromise an entire digital identity, as Apple IDs are often linked not only to devices but also to cloud storage, personal photos, messages, and sometimes financial applications.
Protection measures and broader context
The advisory also emphasized that once an Apple ID is compromised, attackers can access sensitive data stored in iCloud, including photos, messages, backups, and linked application data. In several cases, stolen devices are quickly factory reset and resold in local and international markets, making recovery extremely difficult.
Users have been advised to enable two-factor authentication (2FA), use strong and unique passwords, and regularly monitor devices linked to their Apple ID. Authorities also encouraged immediate reporting of suspicious messages through the National Cyber Crime Reporting Portal.
Officials stressed that awareness remains the strongest defense against such cyber threats. As phishing techniques continue to evolve, users are urged to treat every unsolicited security alert with caution and verify authenticity before taking any action.
The alert underscores the growing scale of mobile-based cybercrime in India, particularly attacks targeting widely used digital ecosystems such as Apple and Google services.
