An iPhone user posted on Macrumors that after her iPhone was stolen she activated the device's Lost Mode to lock it down. She then received a message alerting her that the phone had been located, according to a January 28 Malwarebytes post.
The message prompted the victim to verify her Apple ID on what turned out to be a phony website that mimicked Apple's official iCloud login page. No security warning was given and the victim's information went directly to the thieves, the post said.
"The trick is clever and not many people would suspect this is a fraudulent website. Add to this the euphoria of knowing your precious phone was allegedly found, and proceeding to enter your Apple ID and password seems like a no brainer," Malwarebytes wrote.
Apple has been notified.