Losing a mobile device is a nuisance for many users, but receiving a message claiming the device has been found can have more serious consequences, especially if that message comes from malicious actors.
Cybersecurity experts are warning of a new type of phishing scam targeting users who have lost their iPhones, designed to trick victims into providing their Apple ID details under the guise of device recovery assistance.
Attackers are exploiting a vulnerability in Apple's Find My feature to target users who have marked their devices as lost ("Lost Mode") or stolen, according to the Swiss National Cyber Security Center (NCSC).
When a user activates the “Lost” status on their iPhone, the system allows a custom message with contact details to be displayed on the lock screen, facilitating a legitimate recovery process. Scammers have turned this legitimate recovery feature into a phishing attack vector.
Specifically, scammers send messages via iMessage or SMS, impersonating the “Find My” support team.
These messages often contain accurate details of the lost device, such as model, color, or storage capacity, information that may have been gathered from the custom message displayed on the lock screen.
The message states that the device has been "located" and includes a link to "view the location of the device."
When victims click on this URL, they are redirected to a fake website designed to collect their Apple ID login credentials and passwords, which gives the attackers access to the user's account.
Experts recommend that users verify the authenticity of any device recovery notification. Never enter Apple ID information on websites accessed via links in unknown SMS/iMessage messages. Always access the “Find My” app or the official iCloud website to check the status of a lost device.
Source: https://www.vietnamplus.vn/canh-bao-chieu-lua-dao-moi-nham-vao-nguoi-dung-iphone-bi-mat-may-post1076367.vnp





