Your iPhone can feel nearly useless to a thief once you mark it as lost. Apple’s Activation Lock can help turn a stolen device into a locked brick. That should make phone theft less profitable. Yet thieves have found a nasty workaround.

According to new research from Infoblox Threat Intel, the cybersecurity research team at Infoblox, criminals are using fake Apple pages, smishing texts and Telegram-based unlocking tools to trick stolen iPhone owners into handing over their passcodes.

Infoblox Threat Intel tracks cybercriminal activity partly by studying DNS, the system that helps devices find websites online. Think of DNS as the internet’s phone book. By watching patterns in suspicious website names and traffic, researchers can spot fake domains, phishing pages and larger scam networks.

The scary part is how personal the scam can feel. The thief may already have your phone. The message may arrive right after the theft. The fake page may even show what looks like your iPhone moving on a map.

WHY IPHONE USERS ARE THE NEW PRIME SCAM TARGETS

Researchers found that many thieves care less about the data on the phone and more about turning the device into resale cash. Once they get your passcode, they can remove protections, wipe the device and sell it.

Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (This Saturday, June 13, 10 am ET)

• Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com.

How the stolen iPhone passcode scam starts

Here is the part that feels especially cruel. When you lose an iPhone, you may put a message on the lock screen with a phone number to call. That feature can help a good person return your device. A scammer can use that same number to contact you.

In one case described by the researchers, a stolen iPhone owner received a text shortly after the theft. The message linked to a fake Apple-style website. The page showed what looked like a moving phone location on a map. Then it asked for the phone’s PIN code. Had the victim entered it, the thief would have gained control of the device. That is what makes this scam so believable. The thief may really have your phone. The message may arrive at the perfect moment. The fake page may look close enough to Apple’s real Find My experience to catch someone who is stressed and trying to recover an expensive device.

Why thieves want your iPhone passcode

A locked iPhone has limited resale value. An unlocked iPhone can be wiped, removed from an Apple account and sold for much more. The researchers found Telegram groups selling phone unlocking services. Some tools target older phones. Others help criminals collect information about newer devices so they can build a more convincing phishing attack. These services can include “Find My iPhone Off” kits, fake Apple login pages, AI voice call tools and prerecorded messages that impersonate Apple.

The pricing also makes this underground business easy to enter. Some unlocking attempts cost only a few dollars. According to the research, unlocking a recent iPhone can cost anywhere from $5 to $50, depending on the seller, with an average price below $10.

That low cost helps explain why this scam can spread. A thief no longer needs deep technical skills. They can buy a kit, follow instructions and send a polished scam message.

Fake Apple texts make the scam feel real

The scam does not stop with one generic text. Criminals can customize phishing pages with details pulled from the phone or from linked accounts. That can include the victim’s name, email address, device details and even whether the passcode has four or six digits. The fake page may also show a chosen location on a “lost iPhone” map. Then the scammer sends the link by text, WhatsApp or email.

Once the victim enters credentials or a passcode, the information can go straight back to the attacker through Telegram. From there, criminals can remove linked devices from the Apple Account and prepare the phone for resale. That is why the message can feel oddly personal. The scammer may know enough to make the alert feel urgent and official.

Stolen iPhone scams are growing fast

Researchers identified more than 10,000 domains tied to these phone unlocking tools and smishing campaigns. Many used Apple lookalike names or generic customer-support wording, such as fake location and phone-finding themes. They also found that traffic to verified smishing domains rose 350% in 2025 compared with the previous year.

Some tools even try to fight security blocks. The research found scripts that check whether smishing domains are blocked. Then those scripts submit fake explanations to try to get them removed from Google Safe Browsing warnings. That means criminals are not only building fake pages. They are also working to keep those pages online long enough to fool victims.

DON’T GET CAUGHT IN THE ‘APPLE ID SUSPENDED’ PHISHING SCAM

What this iPhone scam means to you

If your phone gets stolen, the most dangerous message may arrive after the theft. You may be worried, angry and desperate to track your device. That is exactly the moment scammers want. A message claiming to be from Apple, Find My or customer support can feel helpful.

However, Apple will not ask you to enter your iPhone passcode through a random link sent by text or WhatsApp. The passcode is the prize. Once you give it up, you may help the thief turn your locked phone into a sellable device.

Ways to stay safe from stolen iPhone scams

If your iPhone goes missing, a few calm steps can help you avoid handing thieves the one thing they need most: your passcode.

1) Never enter your iPhone passcode through a text link

Your iPhone passcode should stay on your iPhone. Do not type it into a website that arrives by text, email or WhatsApp, even if the page looks like Apple.

2) Go directly to Find My

If your iPhone is missing, use the Find My app on another Apple device or go directly to iCloud through your browser. Do not use a link from a message.

3) Treat urgent recovery messages as suspicious

Scammers love pressure. A message may say your phone has been found, moved or scheduled for removal. Pause before you click. Open Apple’s tools yourself instead.

4) Use a strong iPhone passcode

Avoid simple codes such as birthdays, repeating numbers or easy patterns. A longer alphanumeric passcode gives thieves a much harder target.

5) Keep Activation Lock turned on

Make sure Find My is enabled before anything happens. On iPhone, go to Settings > your name > Find My > Find My iPhone and confirm that Find My iPhone is turned on.

6) Do not remove the stolen iPhone from your Apple Account too quickly

If your iPhone is stolen, keep it listed in Find My and your Apple Account. Removing it can also remove Activation Lock, which helps stop someone else from erasing, activating and reselling your phone. If you use Find My, select the stolen iPhone and choose Mark As Lost or Erase This Device if needed. Avoid Remove This Device unless Apple Support, your carrier or law enforcement tells you to do it.

FIND A LOST PHONE THAT IS OFF OR DEAD

7) Use strong antivirus software on your devices

Strong antivirus software can help block malicious links, phishing pages and scam sites before they do damage. It can also warn you when a site looks unsafe. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

8) Report the stolen iPhone

Report the stolen phone to local police and your wireless carrier. Your carrier may be able to suspend service or block the device from the network.

Yes. Android phones have their own anti-theft protections, but thieves may still try a similar trick. Instead of asking for an iPhone passcode, a scammer may send a fake Google, Find My Device, Find Hub, Samsung Find or carrier message after your Android phone is stolen.

The message may claim your phone was found, moved or ready to be recovered. Then it may send you to a fake page that asks for your Google account password, Samsung account password or screen lock PIN, password or pattern.

That information can help a thief get around protections that make a stolen Android phone harder to reset and resell. Google’s Factory Reset Protection can require the previous Google account or screen lock after an unauthorized reset. Samsung says Google Device Protection works on Galaxy phones when a Google account and lock screen are set up.

The advice is the same: do not use a link from a text, email or WhatsApp message to recover a stolen Android phone. Go directly to Google’s Find Hub, Samsung Find or your carrier’s official website yourself. Never type your phone’s screen lock or account password into a recovery page that arrived by message.

Kurt’s key takeaways

A stolen iPhone used to be a headache for thieves because Activation Lock made resale harder. Now, criminals are trying to make you part of the unlocking process. They do it with fake Apple pages, carefully timed texts and slick-looking maps that play on panic. The safest move is to slow down. If your phone disappears, use Apple’s official Find My tools and ignore any message that asks for your passcode. That very code may be the one thing standing between a locked brick and a payday for a thief.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Should phone makers and wireless carriers do more to stop stolen phones from being resold, or is the responsibility mostly on users to lock down their devices? Let us know by writing to us at CyberGuy.com.

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

The FBI calls it a “distress scam.” It is also known as a grandparent scam. The scam works by making an older adult believe a grandchild is in serious trouble and needs money right away, often before a court date or legal deadline. Victims reported more than $5 million in losses to this type of fraud in 2025. The FBI’s Internet Crime Complaint Center also noted that reported losses likely show only part of what scammers actually stole.

The Federal Trade Commission found in August 2025 that some of the fastest-growing scams targeting older adults use fear and urgency to override good judgment. A caller may claim your bank account was hacked and say you need to move your money immediately to protect it. However, the money does not move to safety. It goes straight to the scammer.

HOW TO HAND OFF DATA PRIVACY RESPONSIBILITIES FOR OLDER ADULTS TO A TRUSTED LOVED ONE

AI voice-cloning tools have made these scams even more convincing. Scammers can use a birthday video, voicemail or social media clip to mimic a grandchild’s voice. Then they place the call. The voice sounds familiar, the emergency feels real and the request for bail money seems urgent. The FBI counted $352 million in AI-related scam losses among victims 60 and older this past year.

Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (This Saturday, June 13, 10 am ET)

• Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com

What makes grandparents worth targeting

The same three pieces of data are required for identity verification at most banks, brokerages, pension recordkeepers, and Medicare: date of birth, last four digits of a Social Security number, and a current mailing address. For most people in their sixties and seventies, all of those accounts are open.

Those three fields have turned up in breach after breach. The Conduent Business Services breach pulled names, SSNs, dates of birth, and home addresses for more than 25 million Americans from systems that process Medicaid records and employer health plans. Texas Attorney General Ken Paxton called it the largest data breach in U.S. history in February 2026.

Americans between 65 and 74 held a median net worth of $409,900 in 2022, according to the Federal Reserve’s Survey of Consumer Finances, more than ten times the median for adults under 35. The FBI found average losses of approximately $38,500 per victim among Americans 60 and older in 2025, nearly double the figure for younger filers.

Why elder fraud losses are often underreported

Older adults reported $2.4 billion in fraud losses to the Federal Trade Commission in 2024. However, the FTC’s December 2025 report to Congress estimated that real losses may have reached $81.5 billion that year. Most cases likely went unreported.

That gap makes identity theft harder to stop. A fraudulent wire from a pension account may never alert a bank. A new credit account opened with stolen information may not reach the victim until it appears on a credit report. By then, weeks may have passed since the application was approved.

Account protections worth setting up

Scammers move fast, so it helps to set up account protections before anything goes wrong. These steps can give banks, brokerage firms and family members more ways to spot trouble early.

1) Add a trusted contact to brokerage accounts

Brokerage accounts have a protection option many account holders never activate: a trusted contact designation. Under FINRA Rule 4512, brokerage firms must ask for a trusted contact when you open or update an account. A trusted contact can be a family member, attorney or accountant. The firm can contact that person if it suspects financial exploitation or cannot reach you. However, that person cannot trade, withdraw funds or view your account balances. FINRA, the SEC and the North American Securities Administrators Association asked investors in August 2025 to contact their firm and add one. You can name more than one trusted contact. You can also change the designation at any time.

SOCIAL SECURITY ADMINISTRATION PHISHING SCAM TARGETS RETIREES

2) Ask about holds on suspicious withdrawals

Under FINRA Rule 2165, brokerage firms can place a temporary hold on disbursements when they reasonably believe financial exploitation may be happening. That hold can last up to 55 business days. In January 2026, FINRA proposed extending the window to 145 business days. Ask any firm holding a pension, brokerage or annuity account about its policy on disbursements after an address change.

3) Verify urgent calls before sending money

When a caller claims a grandchild is in trouble or a federal agent needs immediate action, hang up. Then call back using a number you already have, not the number in the message. The FTC found that 41% of older adults who reported losing $10,000 or more to impersonation scams in 2024 said a phone call was the initial point of contact. That makes one simple habit especially important: verify the story before you act.

4) Block online changes to Social Security

Social Security lets you block electronic and automated telephone access to your account record. Once blocked, no one can change your direct deposit information or mailing address online or through the automated phone system. After that, any changes must go through a live SSA representative at 1-800-772-1213 or a field office visit. FINRA also operates a free Securities Helpline for Seniors at 844-574-3577, Monday through Friday, 9 a.m. to 5 p.m. ET.

Identity theft recovery is harder on your own

Even strong account protections may not catch every scam attempt. That is why identity theft monitoring and recovery support can help families respond faster when personal information gets exposed or misused.

Some identity theft protection services monitor dark web marketplaces, data broker sites and people-search sites for exposed Social Security numbers, addresses and other personal information. If fraud happens, recovery support may help contact creditors, file disputes with the three credit bureaus and organize the documentation needed to restore an identity.

OUTSMART HACKERS WHO ARE OUT TO STEAL YOUR IDENTITY

Some plans also include identity theft insurance for eligible recovery costs, such as lost wages and legal fees.

No service prevents every misuse of an older adult’s identity. However, family monitoring and fraud resolution can shorten the time between when theft happens and when you or someone in your family acts on it.

See my tips and best picks on Best Identity Theft Protection at Cyberguy.com

Kurt’s key takeaways

Grandparents have become a prime target because scammers know where the money is and how to create panic fast. A familiar voice, a stolen Social Security number or a fake emergency can turn one phone call into a devastating loss. The best defense starts before the call comes. Add trusted contacts to financial accounts, block online Social Security changes, verify urgent requests through a number you already know and talk openly with family about scam warning signs. Identity theft protection can also help spot exposed personal information and speed up recovery if fraud happens. No family can stop every scam attempt. However, a simple plan can give older adults more time, more backup and a better chance of keeping their money safe.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Is enough being done to stop scammers from using AI voices and stolen data to target grandparents? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.