Phishing Texts Trick Apple Users Into Disabling Protection

Threat actors are using deceptive tactics to bypass Apple iMessage’s phishing protection, tricking users into enabling disabled links in fraudulent messages. These smishing attacks target mobile users with fake texts posing as trusted entities, in an effort to manipulate recipients into compromising their security.

Apple iMessage automatically blocks links in messages sent by unknown email addresses or phone numbers. However, if a user responds to the message or adds the sender to their contacts, the disabled links are reactivated.

Recent months have seen a rise in smishing attacks where scammers impersonate organizations like the USPS or toll authorities, sending messages that claim shipping issues or unpaid fees. These texts instruct recipients to reply with a simple “Y” or other familiar phrases to enable links. Phrases like “Reply Y to activate” or “Exit and reopen the message link” are designed to appear routine and innocuous, making it more likely for recipients to comply.

This tactic exploits user habits formed by legitimate practices, such as responding “STOP” or “YES” to manage text subscriptions. When users reply, they not only re-enable phishing links but also signal to the attacker that they're falling for the scam. This increases the likelihood that the scammer will target the same user again in the future.

Even without clicking the re-enabled links, users become vulnerable by responding, as it confirms their phone number is active and monitored.

Often, the targets of these scams are less tech-savvy individuals or older users who might not recognize the red flags in these messages. Such individuals are particularly at risk of entering sensitive information, such as credit card details or personal data, that attackers can then exploit.

To avoid falling victim to these scams, users should avoid replying to texts from unknown senders, especially when links are disabled. Instead, they should directly contact the relevant company or organization for verification. This precaution helps maintain security, preventing inadvertent exposure to cyber threats.