Your iPhone can become almost useless to a thief when marked as lost. Apple’s Activation Lock can help turn a stolen device into a difficult-to-resell object. Unfortunately, thieves have developed methods to circumvent this protection.
Research from Infoblox Threat Intel, part of Infoblox’s cybersecurity team, highlights how criminals use fake Apple pages, smishing texts, and tools on Telegram to trick iPhone owners into revealing their passcodes. Infoblox Threat Intel monitors cybercriminal activity by analyzing DNS patterns, the system aiding devices in finding websites online. By observing patterns in fake domains and scam networks, researchers spot phishing pages.
Cybercriminals use fake Apple pages and text messages to trick stolen iPhone owners into giving up their passcodes.
After stealing a phone, thieves may have little interest in its data and more in selling the device. They aim to acquire the passcode, which allows them to remove security measures, wipe the phone, and sell it.
Protect Your Phone: Join CyberGuy Live: Lock Down Your Phone in 30 Minutes on June 13 at 10 am ET. Register at CyberGuyLive.com for a free, live class on phone security basics.
How the Scam Begins
When you lose an iPhone, you might leave a message and contact number on the lock screen, hoping a good Samaritan returns it. Scammers, however, use the number to reach you. Shortly after a theft, some victims receive messages directing them to fake Apple-styled websites, resembling the Find My app with a moving phone on a map. These ask for the phone’s PIN, giving control to the thief if entered.
Reasons Thieves Want Your Passcode
A locked iPhone has reduced resale value, but an unlocked one can be wiped and sold for more. Telegram groups offer unlocking services, targeting older phones or collecting details from newer devices for phishing scams. Services range from fake Apple login pages to AI tools imitating Apple, sold for as low as $5.
The low cost encourages scam proliferation, as minimal technical skill is needed. A scammer can follow instructions and deploy a polished message.
Realistic Feel of Fake Apple Texts
Scams often customize phishing pages with the victim’s details, such as name, email, and device information. These may show a location on a ‘lost iPhone’ map, making it appear personal. Criminals retrieve entered credentials via Telegram, unlock the phone, and prepare it for sale.
Over 10,000 domains involve unlocking tools and smishing campaigns. Traffic to verified smishing domains surged by 350% in 2025. Some scripts check if domains are blocked and issue fake explanations to remove them from Google’s Safe Browsing warnings.
Protect Yourself Against These Scams
- Never enter your iPhone passcode through a text link.
- Use the Find My app or iCloud directly without messaging links.
- Treat urgent recovery messages with suspicion and use Apple’s tools.
- Employ a strong, complex iPhone passcode.
- Ensure Activation Lock is enabled in your settings.
- Keep your stolen iPhone on your Apple Account to maintain Activation Lock.
- Install strong antivirus software to protect against malicious links.
- Report stolen phones to local police and your wireless carrier immediately.
Note for Android Users: Similar scams targeting older Android phones use fake Google or Samsung pages to capture account details. Follow similar cautionary steps as iPhone users do.
Key Takeaways: A stolen iPhone can be troublesome for thieves due to Activation Lock. However, criminals attempt to involve you in unlocking it by using fake Apple pages and strategic text alerts. Always rely on official Apple tools and ignore any message requesting your passcode.
Protecting Loved Ones from Bank Scams 
FCC Proposal on Phone Identity Checks Raises Privacy Concerns 
AI’s Role in Cybersecurity: A Strategic Perspective 
Minnesota Bans Crypto ATMs to Combat Scamming Activity 
AI Integration in U.S. Government: California’s Recent Developments 
AI Safety Report 2026 Highlights Emerging Risks and Challenges