Phishing Scam Targets iMessage Users

Phishing scams are increasingly targeting Apple iMessage users with a trick that gets them to switch off the app’s built-in phishing protection themselves. The goal is to re-enable links that iMessage has disabled, putting users at risk.

Mobile devices have become central to daily activities such as paying bills, shopping, and staying connected. As a result, cybercriminals are escalating SMS phishing (smishing) attacks to steal sensitive information. To combat such threats, Apple iMessage automatically disables links in texts from unknown senders, including those from unfamiliar email addresses or phone numbers.

However, this safeguard has a loophole. If a user replies to these messages or adds the sender to their contacts, the links become active again. Reports reveal a recent surge in smishing attempts where users are tricked into responding to suspicious texts.

For example, cybercriminals send fake messages claiming issues like unpaid road tolls or shipping problems. These texts often include instructions asking users to reply with “Y” or take similar actions. By responding, users unknowingly activate phishing links and disable iMessage’s protection for that message.

This tactic leverages user familiarity with standard text commands like “YES” or “STOP”, which are often used to confirm appointments or opt out of services. Unfortunately, such responses also alert attackers that the recipient is an active target, potentially exposing them to further phishing attempts.

Even users who don’t click on the activated links risk becoming bigger targets for future scams. Vulnerable individuals, such as older adults, may find these phishing messages particularly convincing, leading to the theft of personal or financial information.

How to Stay Safe

To avoid falling victim, never respond to texts from unknown senders. If you notice links are disabled in a message, treat it as suspicious. Always verify the authenticity of the sender before taking any action.
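
The pattern described above (unknown sender, a link, and a prompt to reply) can be checked mechanically when triaging reported messages. The following is an added example, not part of the original article: the risk levels, the regular expressions, and the `triage` function are assumptions for illustration, and all senders and URLs are constructed.

```python
import re
from dataclasses import dataclass

URL_RE = re.compile(r"https?://\S+|\bwww\.\S+", re.I)
# A request to reply with a short confirmation keyword ("Reply Y", "respond YES").
REPLY_RE = re.compile(r"\b(?:reply|respond)\b[^.!?\n]{0,30}?\b(?:y|yes)\b", re.I)

@dataclass(frozen=True)
class Message:
    sender: str
    body: str

def triage(msg, contacts, replied_to=frozenset()):
    """Return (risk, reasons) for one inbound message (heuristic, assumed levels).

    contacts: senders in the address book; replied_to: senders the user has
    already answered, for whom link protection no longer applies.
    """
    if msg.sender in contacts:
        return "none", []
    reasons = ["sender not in contacts"]
    has_link = bool(URL_RE.search(msg.body))
    asks_reply = bool(REPLY_RE.search(msg.body))
    already_replied = msg.sender in replied_to
    if has_link:
        reasons.append("contains a link")
    if asks_reply:
        reasons.append("asks for a reply keyword")
    if already_replied:
        reasons.append("user already replied, links are active")
    # Link plus reply prompt is the lure itself; link plus an earlier reply
    # means the safeguard is already gone for this sender.
    if has_link and (asks_reply or already_replied):
        return "high", reasons
    if has_link:
        return "medium", reasons
    return "low", reasons

# Constructed sample messages (not real traffic).
CONTACTS = {"+15550101"}
SAMPLES = [
    Message("+15550142", 'Unpaid road toll. Reply "Y" to continue: https://tolls.example/pay'),
    Message("parcel@ship.example", "Shipping problem, see http://ship.example/track"),
    Message("+15550177", "Your appointment is tomorrow. Reply YES to confirm."),
    Message("+15550101", "Menu for tonight: https://cafe.example/menu"),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m.sender, *triage(m, CONTACTS))
```

A reply prompt without a link scores only "low" because legitimate appointment and opt-out texts use the same wording; it is the combination with a link from an unknown sender that matches the scam.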