Cybercriminals are employing a clever new tactic to bypass iMessage’s built-in phishing protection and target iPhone users with malicious links. This social engineering scam exploits a security feature that disables links from unknown senders, tricking users into enabling them through simple replies.
iMessage automatically disables links from unknown senders to protect users from potential phishing attacks. However, these links become clickable if the user replies to the message or adds the sender to their contacts. Scammers are exploiting this behavior by sending deceptive messages that mimic notifications from trusted organizations, often including instructions to reply with “STOP,” “NO,” or “Y.”
By replying to these messages, users inadvertently enable the malicious links and expose themselves to potential scams. Additionally, their response confirms to the attackers that the phone number is active and potentially susceptible to future attacks.
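For teams that triage user-reported messages, the lure pattern described above (unknown sender, a link, and a prompt to send a short reply) can be checked mechanically. The following is an added example, not code from Apple or from the original article; the function names, verdict labels, regular expressions and sample messages are all constructed for illustration.

```python
import re

# Constructed heuristic: an unknown sender whose message carries a link AND
# asks for a short reply matches the lure pattern described in the article.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
REPLY_RE = re.compile(
    r"\b(?:reply|respond|text)\b(?:\s+(?:with|back))?\s*[\"'“”(]?\s*(STOP|NO|YES|Y)\b",
    re.I,
)

def normalize(sender):
    """Canonical form: lowercase for e-mail handles, digits only for phone numbers."""
    sender = sender.strip()
    return sender.lower() if "@" in sender else re.sub(r"\D", "", sender)

def triage(message, contacts, replied_to=()):
    """Classify one message dict ({'sender', 'body'}) against the lure pattern."""
    sender = normalize(message["sender"])
    in_contacts = sender in {normalize(c) for c in contacts}
    replied = sender in {normalize(r) for r in replied_to}
    urls = URL_RE.findall(message["body"])
    prompt = REPLY_RE.search(message["body"])
    verdict = "ok"
    if not in_contacts and urls:
        verdict = "reply-bait" if prompt else "unknown-sender-link"
    return {
        "verdict": verdict,
        # Per the article, replying or adding the sender to contacts enables links.
        "links_clickable": in_contacts or replied,
        "reply_token": prompt.group(1).upper() if prompt else None,
        "urls": urls,
    }

# Constructed sample data (fictional numbers and domains).
CONTACTS = ["+1 (555) 010-0100"]
SAMPLES = [
    {"sender": "+15550100147",
     "body": 'Delivery notice: parcel on hold. Reply "Y" then open https://parcel.example/track'},
    {"sender": "15550100100", "body": "Photos from the weekend: https://photos.example/a1"},
    {"sender": "+15550100162", "body": "Your invoice is ready at https://billing.example/inv"},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["sender"], triage(msg, CONTACTS))
```

A `reply-bait` verdict with `links_clickable` set to true means the user has already answered the sender, so the link in that message is live and the number has been confirmed as active.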
Protecting Yourself
While tech-savvy users may easily identify these phishing attempts, less experienced individuals could fall victim. To stay protected, it’s crucial to:
- Never reply to suspicious messages from unknown senders.
- Enable message filtering on your iPhone or iPad to separate messages from unknown contacts.
- Exercise caution even with filtered messages, as they may sometimes include legitimate communications.
Additional Tips
- Be wary of messages that create a sense of urgency or pressure you to take immediate action.
- Double-check the sender’s address or phone number to ensure it’s legitimate.
- Avoid clicking on links in messages from unknown senders, even if they appear to be from trusted organizations.
- Report any suspicious messages to Apple and your mobile carrier.
By staying vigilant and following these precautions, iPhone users can minimize the risk of falling prey to this new social engineering tactic.