New Delhi: The Ministry of Home Affairs has issued a nationwide warning over a phishing scam targeting iPhone users, particularly those whose devices have recently been lost or stolen. The Indian Cyber Crime Coordination Centre has cautioned that fraudsters are using fake messages impersonating Apple Support and “Find My iPhone” to steal Apple IDs, passwords and authentication codes.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
Fake Messages Mimic Apple Services
According to the Indian Cyber Crime Coordination Centre, which operates under the Ministry of Home Affairs, the scam has been described as a “hybrid cybercrime” because it combines the physical exploitation of lost devices with digital phishing methods.
Cybercriminals are reportedly sending fraudulent SMS messages claiming that a lost iPhone has been located or switched off. These messages direct users to links that lead to fake websites designed to resemble Apple’s official login page.
Once victims enter their Apple ID and password on such portals, attackers also capture one-time passwords and two-factor authentication codes. This can allow criminals to access the victim’s iCloud account and take control of the device and associated data.
Experts Warn of Psychological Manipulation
Cybersecurity experts said the scam is effective because people who have recently lost their phones are often under stress and may act quickly without verifying the message or link.
Cybercrime expert and former IPS officer Professor Triveni Singh said criminals are increasingly using social engineering methods to exploit human behaviour. “Cybercriminals are no longer relying only on technology. They are targeting human psychology. Once a user is emotionally pressured, they tend to click without verification, which becomes the biggest vulnerability,” he said.
A cybersecurity researcher also described the method as a more advanced form of phishing, where urgency and panic are used to push victims into entering sensitive information on fraudulent websites.
Users Told to Verify Links and Block Lost Phones
Authorities have advised users not to click on suspicious links received through SMS or social media. They have also urged people to verify website addresses carefully before entering login credentials.
The advisory recommends keeping two-factor authentication enabled, using strong and unique passwords for Apple accounts, and keeping the “Find My iPhone” feature active for device tracking and recovery.
Users whose phones are lost or stolen have been advised to block the device immediately through the Central Equipment Identity Register portal to prevent misuse. Victims of cyber fraud have also been urged to report incidents on the national cybercrime helpline 1930.
Officials said phishing attacks using fake links, cloned websites and OTP theft are becoming more sophisticated. Cyber agencies are tracking malicious links and fake websites linked to such scams, while reminding users that legitimate companies, including Apple, do not ask for login credentials through SMS.
