In News:

The National Cybercrime Threat Analytics Unit (NCTAU) of the Indian Cybercrime Coordination Centre (I4C) under the Ministry of Home Affairs issued a nationwide advisory warning iPhone users about a sophisticated "hybrid cybercrime" campaign targeting people whose devices have been lost or stolen. The advisory highlights the growing convergence of physical theft with digital fraud — a new frontier in cybercrime requiring urgent public awareness.

The Modus Operandi: A Three-Stage Attack

Unlike mass phishing campaigns sent indiscriminately, this campaign focuses on a narrower group: people whose iPhones have recently been lost or stolen. The perpetrators may already possess the physical device, making the attack more dangerous because the phishing attempt is not random — it is linked to a real incident in the victim's life.

• Stage 1 — Targeted Victim Selection: Criminals identify individuals with recently lost or stolen iPhones, exploiting the psychological vulnerability of device loss — photos, contacts, bank-linked apps, and personal data.
• Stage 2 — Phishing SMS Delivery: Attackers impersonate Apple Support and exploit victims' urgency by sending fraudulent SMS messages containing phishing links. The messages closely resemble legitimate "Find My iPhone" or Apple Support notifications, typically sent from numeric SMS headers, claiming the lost device has been temporarily switched off or that urgent action is required to erase contacts, media, and other data.
• Stage 3 — Credential Theft and Account Takeover: The phishing links redirect users to fake websites designed to closely resemble legitimate Apple or iCloud login pages. Victims are prompted to enter their Apple ID credentials, followed by One-Time Passwords (OTPs) or two-factor authentication codes sent by Apple. Once obtained, perpetrators gain unauthorised access to the victim's iCloud account, remove the Apple ID linked to the stolen device, disable 'Find My iPhone,' and bypass security protections. The stolen device can then be resold or reused without restrictions.

What is Phishing?

Phishing is a social engineering cyberattack that uses deceptive messages from seemingly legitimate sources to trick victims into revealing sensitive information — login credentials, passwords, OTPs, or financial data. Modern phishing employs domain spoofing, fake websites, generative AI-crafted messages, and SMS-based smishing to maximise credibility and urgency. It commonly supports downstream crimes like account takeovers, ransomware attacks, and financial fraud.

About I4C: India's National Cybercrime Architecture

The Indian Cybercrime Coordination Centre (I4C) was established under the Ministry of Home Affairs as a nodal agency to coordinate India's fight against cybercrime. Its key components include:

• National Cybercrime Threat Analytics Unit (NCTAU) — threat identification and advisory issuance
• National Cybercrime Reporting Portal (NCRP) — centralised complaint platform
• National Toll-Free Helpline '1930' — citizen assistance for financial cyber fraud
• CyberDost — social media handle for cyber safety awareness
• Pratibimb — geospatial crime mapping platform for law enforcement
• Citizen Financial Cyber Fraud Reporting System — near-real-time fraud reporting and fund-siphoning prevention
• Cyber Crime Volunteers Program — citizen engagement in cybercrime prevention

Protective Measures Advised

I4C recommended the following safeguards:

• Approach any SMS links related to lost or stolen devices with healthy scepticism, particularly when messages originate from unfamiliar, numeric, or international identifiers.
• Never enter Apple ID credentials or OTPs on pages accessed through SMS links.
• Always access Apple services directly through the official website or the device itself.
• Keep "Find My iPhone" enabled and regularly update recovery contact information.
• Report suspicious messages to 1930 or via the NCRP portal.