Criminals are using fake recovery notifications to trick iPhone owners into revealing their Apple ID credentials, allowing them to unlock stolen devices and disable Apple’s built-in security protections. The scheme targets people who have recently lost their phones and are still hoping to recover them.
Victims whose phones have been stolen receive text messages or emails claiming that their missing iPhone has been found. The messages often include accurate details such as the device model or colour, making them appear genuine. They instruct the user to confirm ownership by clicking a link that supposedly leads to Apple’s Find My service. The link instead opens a fake website designed to steal login information.
These phishing pages closely imitate Apple’s real login screens. They feature the company’s logo, privacy notices, and even functioning links to official pages. Once victims enter their Apple ID and password, the information is sent directly to the criminals. With those credentials, thieves can remove the Activation Lock, erase the device, and register it under a new Apple ID.
The scam works because it targets victims when they are most vulnerable. Losing a phone is stressful, and any message suggesting that it has been recovered can override caution. The wording is calm and polite, reinforcing the illusion that the sender is trying to help. Attackers often send the messages several days or weeks after the loss to make them seem more believable.
Activation Lock ties an iPhone to its owner’s Apple ID and prevents anyone else from activating it without the correct credentials. This feature has made it difficult for criminals to profit from stolen phones, so they have shifted to manipulating owners instead of trying to bypass the technology. Once the thieves obtain the Apple ID details, they can unlock the phone and sell it at full market value.
A single unlocked iPhone can sell for hundreds of dollars, which makes these phishing campaigns profitable. Many of the messages are automated and sent in large volumes to the owners of stolen devices. Because each message includes specific details, such as the device model or serial number, it appears personal and convincing.
Experts believe that much of this information comes from the device itself. When owners use Apple’s Lost Mode, they can display a custom message and contact information on the lock screen. If that message includes a phone number or email address, the thief can use it to target the victim with personalised phishing attempts. In some cases, criminals may also access data through a stolen and unprotected SIM card.
The best protection is awareness. Apple does not contact users by text or email to confirm device recovery. Any message asking for credentials or account verification should be treated as suspicious. All actions related to a lost phone should be managed directly through the Find My app or by signing in at iCloud.com.
Owners should avoid including personal contact details in Lost Mode messages. A separate email address created only for recovery is safer and reduces the chance of being targeted. The phone’s SIM card should also be locked with a PIN and reported to the carrier immediately after a theft.
If a suspicious message is received, it should be deleted without clicking links. Victims who may have entered their credentials should change their Apple ID password immediately, review recent account activity, and enable two-factor authentication if it is not already active. Reporting the phishing attempt to Apple and local authorities helps investigators track similar schemes.
The growth of these scams shows how mobile theft has evolved. Attackers are blending physical theft with digital manipulation, turning device loss into a gateway for fraud. Instead of relying on complex hacking tools, they exploit human emotion and urgency. The combination of realistic messages and personal context makes the deception effective.
Public awareness remains the strongest defence. Recognising that real recovery messages never request logins or payment prevents further harm. A lost phone is unfortunate, but falling for a fake recovery message can result in the loss of both personal data and account access. Staying calm, verifying sources, and avoiding quick reactions can stop thieves from turning a single stolen phone into lasting damage.