Phishing Texts Trick iMessage Users into Disabling Link Protection

Cybercriminals have devised a way to bypass Apple iMessage’s built-in phishing protection: they trick recipients into replying, which re-enables links that iMessage had disabled in text messages from unknown senders.

With mobile devices playing a central role in daily activities like bill payments, shopping, and communication, smishing (SMS phishing) attacks on mobile numbers have become increasingly common.

How iMessage Protects Users

Apple iMessage automatically disables clickable links in messages from unknown senders, meaning phone numbers or email addresses that are not in your contacts. This safeguard blunts the malicious links that smishing texts depend on.

However, Apple informed BleepingComputer that replying to such a message or adding the sender to your contact list re-enables these links, potentially exposing users to phishing attacks.

The Trick: Getting Users to Reply

In recent months, a surge in smishing attacks has been observed in which scammers manipulate users into replying to a text, thereby bypassing iMessage’s link protection.

For example, scammers may send messages about fake USPS shipping issues or unpaid road tolls, which include links disabled by iMessage. These messages often include instructions like:

“Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it.”

This tactic has gained traction over the past year, with a noticeable increase since the summer.

Why This Trick Works

Many users are accustomed to replying with “STOP,” “YES,” or “NO” to manage appointments or opt out of subscriptions. Scammers exploit this familiarity, hoping recipients will respond, unknowingly re-enabling the disabled links.

Even if a user doesn’t click on the link, replying signals to the attacker that the recipient is responsive, potentially making them a future target for more sophisticated phishing attempts.
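The coaching quoted above is itself a usable indicator: a legitimate reminder may say “reply YES to confirm”, but it never tells you to reopen the thread or paste a link into Safari afterwards. The following Python script, an added example and not code from the original article or from Apple, scores message bodies against the reply-to-reactivate pattern described in the two sections above. The keyword lists, weights, the `suspicious` rule and the sample messages are all assumptions constructed for illustration (the first sample reuses the coaching sentence quoted in the article); tune them to your own traffic before relying on them.

```python
import re
from dataclasses import dataclass, field

# Heuristics drawn from the tactic described in the article: the message carries
# a link iMessage has disabled, and it coaches the recipient to reply (which
# re-enables links) and then reopen the thread or paste the link into Safari.
# Keyword lists and weights are illustrative assumptions, not a vetted ruleset.
REPLY_BAIT = re.compile(r"\breply\s+(?:with\s+)?[\"']?(?:y|yes|1|ok)[\"']?\b", re.I)
LINK_WORKAROUND = re.compile(
    r"(?:exit|close)\s+(?:the\s+)?(?:text\s+)?message"
    r"|\breopen\b"
    r"|copy\s+(?:the\s+)?link"
    r"|\b(?:in|to)\s+safari\b"
    r"|activation\s+link",
    re.I,
)
LURE = re.compile(r"\b(?:usps|ups|fedex|package|parcel|delivery|toll|unpaid|fine|fee)\b", re.I)
URL = re.compile(r"https?://\S+|\b[\w-]+\.(?:com|net|top|xyz|info|vip|cc)/\S*", re.I)


@dataclass
class Verdict:
    score: int
    reasons: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Reply-bait alone is common in legitimate traffic (appointment
        # confirmations, opt-outs). It becomes a smishing signal only when
        # paired with link-reactivation coaching or an embedded link.
        return "reply_bait" in self.reasons and (
            "link_workaround" in self.reasons or "url" in self.reasons
        )


def score_message(text: str) -> Verdict:
    """Score one SMS/iMessage body against the reply-to-reactivate pattern."""
    checks = [
        ("reply_bait", REPLY_BAIT, 2),
        ("link_workaround", LINK_WORKAROUND, 2),
        ("url", URL, 1),
        ("lure", LURE, 1),
    ]
    verdict = Verdict(score=0)
    for name, pattern, weight in checks:
        if pattern.search(text):
            verdict.score += weight
            verdict.reasons.append(name)
    return verdict


# Constructed sample messages for demonstration; none are real captures.
SAMPLES = {
    "usps_reply_y": (
        "USPS: your package could not be delivered due to an incomplete address. "
        "Confirm your details at usps-track.top/ab12 "
        "Please reply Y, then exit the text message, reopen the text message "
        "activation link, or copy the link to Safari browser to open it."
    ),
    "toll_notice": (
        "Unpaid toll notice: pay now at https://toll-pay.vip/x to avoid a fine. "
        "Reply Y and reopen this message to access the link."
    ),
    "dentist_reminder": (
        "Reminder: your dental appointment is Tue 3pm. "
        "Reply YES to confirm or NO to reschedule."
    ),
    "otp_code": "Your verification code is 482913. Do not share it with anyone.",
}


def triage(messages: dict[str, str]) -> dict[str, Verdict]:
    """Score a batch of messages, keyed by whatever identifier the caller uses."""
    return {name: score_message(body) for name, body in messages.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        flag = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"{name:17s} score={verdict.score} {flag:10s} {', '.join(verdict.reasons)}")
```

Run stand-alone, the two scam samples are flagged while the dentist reminder (reply-bait only) and the one-time code (no indicators) pass. The design point is in `Verdict.suspicious`: the score is kept for analyst context, but the decision hinges on the conjunction the article describes, reply-bait plus a reason to reply that only makes sense if links were disabled.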

A Common Target: Vulnerable Users

While tech-savvy users may recognize these attacks, scammers often target less experienced users, such as older people, who may then enter personal information, payment card details, or other sensitive data into the attacker’s phishing page.

How to Stay Safe

If you receive a message with disabled links, or any message from an unknown sender that asks you to reply, do not respond. That includes “STOP” or “NO”: any reply re-enables the links and confirms to the sender that your number is active.

  • Avoid adding unknown senders to your contact list, since that also re-enables their links.
  • Never copy a disabled link into Safari or another browser by hand.
  • Delete suspicious messages immediately.
  • Report smishing attempts to your mobile carrier or Apple.

By staying vigilant and understanding the tactics used by cybercriminals, you can protect yourself and others from falling victim to phishing attacks.

Source

Control F5 Team
Blog Editor