The Indian Cybercrime Coordination Centre (I4C), under the Ministry of Home Affairs (MHA), has identified a sophisticated phishing campaign targeting Apple iPhone users whose devices have been lost or stolen, according to an advisory issued by the agency.

Hackers impersonate Apple Support, and exploit victims’ urgency to locate or secure their missing devices through fraudulent SMS messages containing phishing links.

“These messages closely resemble legitimate 'Find My iPhone' or Apple Support notifications and redirect users to counterfeit Apple login pages designed to steal Apple ID credentials and One-Time Passwords (OTP). Once compromised, attackers gain unauthorised access to victims’ accounts and remove the linked Apple ID from the stolen device,” the advisory said.

The National Cybercrime Threat Analytics Unit of the I4C asked affected people to “avoid clicking links received via SMS (especially from international SMS Headers) or unsolicited messages and carefully check the URL before entering credentials”.

It added that the perpetrators in possession of the stolen iPhones target device owners through deceptive means.

Fraudulent SMSs are usually sent from numeric headers. “These messages contain phishing links and typically claim that the lost device has been temporarily switched off or that urgent action is required to erase contacts, media, and other data. When victims click the phishing link, they are redirected to a fraudulent website designed to closely resemble the official Apple Support or iCloud login page. The phishing domains often use deceptive naming conventions to appear legitimate,” it said.

Victims are then prompted to enter their Apple ID credentials, followed by the One-Time Password (OTP) or two-factor authentication code sent by Apple.

“Once the credentials and OTP are obtained, perpetrators gain unauthorised access to the victim’s iCloud account, remove the Apple ID linked from the stolen device, disable 'Find My iPhone’, bypass security features, and resell or reuse the device without restrictions,” the advisory added.

It urged users to use Apple’s official “Find Devices” service page—https://www.icloud.com/find—to trace the missing devices.