Apple’s security stack has long relied on the Find My network to lock and locate lost devices. Recent findings from cybersecurity firm Infoblox show that thieves can bypass this protection by hijacking the phone’s lock screen message. A single text link can redirect owners to a counterfeit Find My page that harvests their PIN.

The attack exploits the contact number owners place in the lock screen, turning it into a phishing vector. Victims receive a spoofed URL such as applemaps-support[.]live, which opens a fake portal demanding a PIN. Infoblox estimates that over 800,000 such malicious links surface annually, underscoring the scale of the threat.

Telegram groups now sell unlocking tools for less than $10 per device. These kits, labeled “FMI OFF” or “iCloud Webkit,” trick users into surrendering Apple ID credentials or passcodes through social‑engineering scripts and AI‑driven calls. While newer iPhones resist jailbreaking, the tools sidestep Find My by exploiting phone‑level authentication.

Users should double‑check any messages about their device, verify domains, and avoid giving credentials over the phone. Enabling Stolen Device Protection, introduced with iOS 26.4, changes a stolen iPhone’s behavior to better shield owners. Until Apple hardens the lock‑screen phishing vector, criminals will likely keep refining their tricks.