
A new report from Infoblox says thieves are exploiting a weak point in the post-theft recovery process for stolen iPhones: the contact phone number owners leave behind through Apple’s Find My lost mode.

When someone marks an iPhone as lost, the lock screen can display a phone number so the owner can be reached. According to the report, criminals are turning that number into a phishing entry point. They send text messages that appear to be related to the missing device and push the owner toward fake support sites that mimic Apple’s lost-device pages.

The goal is straightforward. If the victim enters a passcode or account information into one of those fake pages, the thieves can use that data to unlock the phone and make it resellable. Infoblox says domains designed for these scams are appearing at a massive scale, with lookalike sites created specifically to impersonate Apple-related recovery flows.

The report also points to a broader criminal toolchain around stolen iPhones. On Telegram, researchers found groups advertising services and toolkits such as FMI OFF and iCloud-themed phishing kits. Some sellers reportedly target older iPhone models with unlocking tools, while others offer AI-assisted voice systems meant to pressure victims into revealing credentials through social engineering.

The economics explain why this keeps happening. A locked stolen iPhone has limited resale value, but an unlocked one can be sold much more easily. Infoblox says the cost of the tools used to unlock a device can be under $10 on average, and may go as high as roughly $50 depending on the model. That leaves a lot of room for profit once the phone is opened up for resale.

Apple has already added stronger protections. Since iOS 17.4, Find My-related theft scenarios are partly addressed by Stolen Device Protection, which adds delays and extra checks for sensitive actions like resetting credentials or wiping the device in unfamiliar locations. Even so, the latest attack chain shows that technical safeguards can still be undermined when scammers successfully manipulate the owner.

The safest response is to treat any message about a missing iPhone with caution, especially if it asks for a passcode or sends you to a login page. Users should verify domains carefully, avoid sharing codes through texts or calls, keep Find My enabled, and make sure their lock-screen passcode and Apple account password are both strong and unique.
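
One way to make "verify domains carefully" concrete is the following added example, which is not code from the Infoblox report: it pulls links out of a text message and checks whether the host really sits under an Apple domain. The allowlist (`apple.com`, `icloud.com`), the brand-term list and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: Apple-operated domains and the brand
# terms a lookalike host tends to embed.
APPLE_DOMAINS = ("apple.com", "icloud.com")
BRAND_TERMS = ("apple", "icloud", "findmy", "find-my")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_link(url):
    """Classify one URL as 'apple', 'lookalike', 'other' or 'invalid'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # e.g. malformed IPv6 literal
        return "invalid"
    if not host:
        return "invalid"
    # Text before '@' is userinfo, not the host: apple.com@evil goes to evil.
    if parts.username is not None:
        return "lookalike"
    # Match on a label boundary so 'notapple.com' and 'apple.com.x' fail.
    if any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS):
        return "apple"
    # Punycode labels can render as Apple-like text; brand terms in a
    # non-Apple host are the lookalike pattern the article describes.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    if any(term in host for term in BRAND_TERMS):
        return "lookalike"
    return "other"


def review_message(text):
    """Extract every http(s) link from a message body and classify it."""
    links = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    return [(u, classify_link(u)) for u in links]


# Constructed sample messages; .example hosts are reserved for documentation.
SAMPLES = [
    "Your lost iPhone was located. View: https://icloud.com.findmy-support.example/map",
    "Apple Support: sign in at https://www.apple.com@lost-device.example/login",
    "Find My: https://www.icloud.com/find",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(review_message(msg))
```

A result of `other` only means the host carries no Apple branding; it is not a statement that the link is safe.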