Apple Users Warned of New Hybrid Cyber Scam

The Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs, has issued an advisory warning Apple users about a new form of hybrid cybercrime that combines physical theft with online phishing attacks. The scam typically begins when a user's iPhone is lost or stolen and switched off by criminals.

Fraudsters exploit the victim's attempt to locate the device through Apple's "Find My" feature. Using international messaging services, they send fake messages claiming the phone has been located and provide a link to track it. The link leads to a counterfeit iCloud login page designed to steal the victim's Apple ID and password.

Once the credentials are compromised, cybercriminals gain access to the victim's iCloud account, including photos, documents, emails, chats, contacts, and other sensitive personal information stored in the cloud. This data can then be misused for identity theft, financial fraud, extortion, or unauthorized access to other connected accounts.

Authorities describe this as a "hybrid" cybercrime because it combines physical possession of the stolen device with online deception. The criminals use information from the stolen phone to target the owner digitally and trick them into revealing their credentials.

I4C has advised Apple users to remain vigilant and never enter their iCloud credentials through links received via SMS or messaging platforms, especially those claiming to help locate a lost device. Users should access iCloud and Find My services only through official Apple applications or trusted websites.

The advisory serves as a reminder that cybersecurity threats are increasingly blending physical and digital tactics. Keeping devices secure and verifying every communication before sharing credentials remains the best defense against such attacks.