Very common to then aggressively try to phish the user's iCloud credentials and remove the activation lock; third-party vendors offer this sort of service, and they're very convincing.