In order to prevent data loss and resale of lost iPhones, Apple has taken certain security measures, so that the user's data is not compromised, at least. But if you have an Apple device, you may fall prey to this popular phishing attack.
After an iPhone is lost, the user can report it stolen, so the iPhone locks itself with a message on the screen which displays an alternate contact number. Online, Apple also has the feature of "Locate my iPhone" where you can locate its current location real-time on the maps by logging in to your iCloud account.
However, the phone can be unlocked and the "bad guys can reset (and later resell) your stolen iPhone." A recent tweet by a security researcher and cyber observer details out how phishing can be used to gain the most sensitive information here, which is the user's apple id and password, and use it to unlock the lost iPhone. Against this phishing, the average Joe, he says, "stands no chance."
"You receive a message from "Apple" to your recovery phone. In your native language, perfectly spelled. This looks legit, and you're happy because you might have a chance to get back your lost phone, right?" the tweet reads.
— x0rz (@x0rz) 7 September 2018
Later on, when you click on the link, the interface is designed in a way which looks almost convincing to the regular eye. There, you are asked to enter your Apple ID and password, which is then locally stored and later used to unlock and access your lost iPhone, and resell it too, all of this while compromising with your personal data, this in case if you have not deleted it already.
A very simple way to deal with these kinds of phishing attacks is to make sure that you do not click on any links that come through text messages, as these messages and links can be spoofed easily. In case you have to use the "Locate my iPhone" feature, use it officially through apple.com or icloud.com, and not anywhere else.
These kinds of attacks do not just happen on iPhones. Any kind of Apple device linked to an Apple ID can fall prey to this.