A new report from security firm Infoblox says iPhone theft has evolved into a full criminal supply chain, and one of the latest tricks is built around Find My phishing. Instead of attacking Apple’s technical protections head-on, thieves are reportedly using contact numbers left on lost-device screens as an entry point for social engineering.
When an owner marks a device as lost through Apple’s Find My app, they can leave a phone number on the lock screen. According to the research, criminals are taking that number and sending text messages that push victims toward fake Apple-themed websites. One example cited in the report is a spoofed domain such as applemaps-support.live, designed to look like an official recovery page.
Those phishing sites then try to collect the victim’s passcode. Once thieves get that information, they can quickly move to unlock the iPhone and prepare it for resale. The report says kits marketed under names like “FMI OFF” and “iCloud Webkit” have become common tools for harvesting Apple account credentials and related lock-screen access.
If phishing doesn’t work, the black-market ecosystem has other options. Infoblox said it found dozens of Telegram groups dedicated to unlock tools, including software aimed at older iPhone models that can still be jailbroken. Some of those communities even advertise AI-assisted voice tools that help operators pressure victims into giving up passwords over calls.
The economics make the scheme especially attractive to criminals. According to the report, the average tool cost to unlock one device is under $10, though it can rise to around $50 depending on the model. A locked stolen iPhone has limited resale value, but once it’s unlocked, it can be sold much more easily and at a significantly better margin.
Apple has already added extra defenses. Starting with iOS 17.4, Stolen Device Protection is enabled by default to add security delays around sensitive actions like password resets or data erasure when the phone is in an unfamiliar location. The new attack chain, though, shows that even strong technical safeguards can still be undermined if a victim is tricked into handing over credentials.
For users, the takeaway is simple: treat any message claiming to help recover a lost iPhone with real suspicion, inspect domain names carefully, and never share passcodes through texts or calls. Keeping Find My enabled and using strong, separate passwords for the device and Apple account still remains one of the best ways to reduce risk.
