Thieves are dodging Apple’s Activation Lock by using convincing fake Apple pages, smishing texts and Telegram-based unlocking services to trick victims into giving up their passcodes, and this piece explains how the scams work, what researchers found, and the practical steps you can take to keep a stolen phone locked down.
Infoblox Threat Intel found a worrying pattern: criminals are building polished phishing pages and using smishing messages to target people right after a phone is stolen. By watching DNS patterns and suspicious domains, researchers tracked networks of fake sites that mimic Apple’s look and feel to harvest passcodes and account info. The attacks are timed and personal, often arriving in the stressful minutes after someone realizes their phone is gone.
Scammers can make the fake pages look shockingly real. A victim might get a message that opens a page showing a moving dot on a map that appears to be their phone, then prompts for the device PIN. That pressure and apparent proof that the thief already has the device makes the request feel urgent and legitimate. When people panic, they’re more likely to hand over the one thing thieves need most: the passcode.
WHY IPHONE USERS ARE THE NEW PRIME SCAM TARGETS
Many thieves don’t want your data, they want quick cash. A locked iPhone has little resale value, but an unlocked one can be wiped, removed from an Apple account and sold for a lot more. Telegram groups sell cheap unlocking services and kits that include fake Apple login pages, prerecorded calls and scripts to bypass warnings, lowering the technical skill required to profit from a theft.
The underground tools are alarmingly inexpensive, too. Some unlocking offers start at just a few dollars, with many recent models averaging under ten bucks to attempt. That low barrier means more criminals can try this method, and more victims can be tricked by ready-made templates and step-by-step guides sold or shared in cybercriminal channels.
Criminals also customize scams to boost believability, pulling names, device details and even whether a passcode uses four or six digits to tailor a phishing page. They can send the link via text, WhatsApp or email and collect whatever the victim types back through Telegram. From there the attacker can remove devices from the Apple Account and prepare phones for resale.
DON’T GET CAUGHT IN THE ‘APPLE ID SUSPENDED’ PHISHING SCAM
Apple will not ask you to enter your iPhone passcode through a random link sent by text or WhatsApp. That sentence is important: the passcode belongs only on the device itself. Treat any message that asks you to type your passcode into a webpage as hostile, even if the page looks exactly like Apple’s Find My screens.
If your phone goes missing, use the official tools directly. Open the Find My app on another Apple device or sign in to iCloud from a browser you trust; do not follow recovery links from texts or messaging apps. Pausing and going to Apple’s tools yourself cuts off the scammers’ biggest advantage, which is that they time messages to land when you feel desperate.
Locking down an iPhone beforehand helps, too. Use a longer alphanumeric passcode rather than simple patterns or birthdays, and confirm Find My iPhone and Activation Lock are turned on in Settings. If a phone is stolen, mark it as lost in Find My rather than removing it from your account; removing it can lift Activation Lock and let thieves wipe it for resale.
FIND A LOST PHONE THAT IS OFF OR DEAD
Antivirus and safety tools can warn about malicious links and block known phishing pages, adding a layer of defense when you accidentally tap something dangerous. Report the theft to local law enforcement and your wireless carrier so they can suspend service and flag the device. And remember: the scam can hit Android users, too, with fake Google or Samsung pages asking for passwords or PINs.
These scams trade on timing and stress, not just technical skill. Slow down, use official services, keep your passcode on your device only and keep Find My enabled. Those steps are the most reliable way to stop a thief from turning a locked phone into quick cash.
