Your iPhone has some excellent anti-theft features that make it difficult for thieves to use the device. Even if someone wipes your phone, they’ll still need your Apple ID and password to get into it and turn off “Find My”—which they’ll need to do if they ever want to sell it.
However, the information on your phone isn’t necessarily totally safe. Since Apple’s safeguards are good enough to keep your data away from prying eyes, scammers have moved on to target the most vulnerable point in the system: you.
How this scam works
Several people whose iPhones were stolen have shared their experiences on Reddit. User u/navalsquat described how the scam works: After losing possession of your phone, you are contacted by someone pretending to be a good samaritan. These scammer claims to be concerned about your privacy, saying they have purchased what now appears to be a stolen phone on Facebook Marketplace or a similar secondary market, and turned it on to discover it’s jammed full of your personal data. They’re writing to let you know, and to ask you to remove the device from your Apple ID, lest all that juicy data remain in a stranger’s hands. Isn’t that nice of them—saving you some worry about your data. Everyone’s a winner! Or would be, if they weren’t actually just trying to get you to essentially give them the phone free and clear.
People who lose their phones are usually stressed and would want to do whatever it takes to easily recover the iPhone. When someone is bombarding you with texts and claiming their actions could help, you can slip up and make a mistake. This reaction is what the scammer is aiming for. Removing your Apple ID from the iPhone allows the scammer to unlock the iPhone for their own needs, or sell it to someone else.
If you ignore the message or avoid removing the device from your Apple account, there isn’t much the thief can do other than try to sell it to an unsuspecting buyer who doesn’t realize they’re buying a glorified paperweight.
In another version the scam, you may receive a text that looks like it is from Apple, including a link that looks suspiciously like an Apple URL: Lcloud.com (when spelled with a lowercase L, it looks like iCloud.com). When you click this link, the page will look almost exactly like Apple’s official website. The moment you enter your credentials, however, the scammer gains access to your Apple ID.
How scammers find your contact details
If you’re wondering how someone finds your contact info after stealing your iPhone, the answer is easy. You can use Siri on any iPhone and ask: “Whose iPhone is this?” This shows your contact information to anyone who has access to your device.
You can block this feature by disabling Siri when the iPhone is locked, but it’s not worth the risk. Remember, this is also the option that allows strangers to contact people in your address book if you’re having a medical emergency.
In addition, scammers can also remove your SIM card and use it with another phone to find your phone number.
What you to do when your iPhone is stolen or lost
Instead of paying attention to strangers’ texts, the first thing you should do if your phone goes missing is mark your it as lost. The simplest way to do so is by going to the Find My app on any connected Apple device. In case you don’t have access to another Apple device, go to iCloud.com/find, sign in to your Apple ID, and mark the device lost.
The on-screen steps will guide you through the process, and you can even leave a contact name and number for people to reach out to if they wish to return your device. Once that’s done, do not remove the device from your Apple ID, or from lost mode, until your iPhone is returned to you—and watch out for any suspicious or unexpected requests to sign in to any site using your Apple ID or to remove devices from your Apple account.