Cyber Security Center

“Your iPhone has been located” text message scam


“Your iPhone has been located” text message scam attempts to phish sensitive information

“Your iPhone has been located” text message scam is a phishing attempt to get users’ Apple logins. The phishing attempt is rather simple. You receive a text message that simply says your iPhone (model, color, storage GB) has been located today and you can check the location by clicking on the provided link. If you click on it, you would be taken to a website imitating a legitimate iCloud or some other Apple site, and would be asked to put in you Apple ID and password. If you do get phished, aka provide your Apple ID and password, your Apple account would get accessed and information would be stolen. If you phone or some other device has been indeed stolen, malicious actors would login and disconnect the device from “Find My iPhone”, and you would be unable to locate it, lock, delete data, etc.

Your iPhone has been located

You are likely to get this kind of message if you have recently lost your phone and someone with malicious intent picked it up. Since you actually lost your iPhone, you may not think it’s unusual that Apple’s sending you an update on the location. However, even users whose iPhones have not been stolen/lost would be curious as to why they’re getting this kind of message, thus would click on it. It’s a somewhat sophisticated phishing attempt.

Apple does not send messages with location updates

If you’re wondering how you can differentiate between a phishing attempt and when Apple is actually sending you an update on location, it’s actually pretty simple. Apple does not send messages about stolen devices. It won’t ever contact you via message and say that your device has been located. The only way you can check whether your device’s location has been identified is by going to the app Find My iPhone or logging into iCloud via browser.

More sophisticated scammers sometimes go further and manage to make it seem like the message actually comes from Apple. It would land under the same sender as would two-factor-authentication codes, so users would be reassured that it’s actually Apple contacting them when in reality it’s scammers.

If you have not lost your device and receive the “Your iPhone has been located” text message, you should delete it. If your Apple device has indeed been stolen/lost recently, you should still delete the message. If you want to see your device’s last known location, use the Find My iPhone app or log in to iCloud via browser.

If you have clicked on the link and typed in your Apple ID and password, change your password immediately. Furthermore, if you have set up social media, email, banking, or any other important accounts on your phone, disconnect everything as soon as possible and change passwords.