Scammers find sneaky way to bypass your iPhone’s safety features
In a worrying development, cybercriminals have devised a new way to circumvent Apple’s built-in phishing protection for iMessage, potentially exposing you to malicious links and scams. This sophisticated tactic takes a security feature designed to protect you and turns it into a vulnerability that can lead to significant personal and financial risk.
The trick revealed
Apple’s iMessage automatically disables links in messages from unknown senders as a security measure. However, cybercriminals have found a way to exploit this protection. By instructing you to reply to the message, often with a simple “Y,” attackers can get you to re-enable the previously disabled links. This seemingly innocuous action not only activates the links but also signals to fraudsters that they have found a responsive target for future attacks.
We reached out to Apple for comment but did not hear back before our deadline.
Common phishing lures
These scams are often disguised as notifications from trusted organizations, such as:
- Undeliverable packages from courier services (USPS, DHL, FedEx)
- Unpaid road tolls
- Payments or fees due
Messages typically end with instructions like: “Please reply with Y, then exit the SMS, reopen the SMS activation link, or copy the link to open in Safari.”
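As an added illustration (not part of the original article, and not Apple's filtering logic), the sketch below shows how a message filter could flag the pattern described above: an unknown sender, a link, and an instruction to reply in order to activate it. The function name, regular expressions and sample messages are all constructed for this example.

```python
import re

# Hypothetical heuristics for the "reply Y to activate the link" lure.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
REPLY_RE = re.compile(r"\breply\s+(?:with\s+)?[\"'“”‘’]?(?:y|yes|1)\b", re.I)
THEMES = {
    "delivery": re.compile(r"\b(?:package|parcel|(?:un)?deliver\w*|usps|dhl|fedex)\b", re.I),
    "toll": re.compile(r"\btolls?\b", re.I),
    "payment": re.compile(r"\b(?:payments?|fees?|unpaid|overdue)\b", re.I),
}

def assess(body, sender_in_contacts):
    """Return (verdict, reasons) for one incoming text message."""
    reasons = []
    if not sender_in_contacts:
        reasons.append("unknown_sender")
    if URL_RE.search(body):
        reasons.append("contains_link")
    if REPLY_RE.search(body):
        reasons.append("asks_for_reply")
    reasons += ["theme:" + name for name, rx in THEMES.items() if rx.search(body)]

    unknown_with_link = {"unknown_sender", "contains_link"} <= set(reasons)
    if unknown_with_link and "asks_for_reply" in reasons:
        verdict = "reply_to_enable_lure"   # the pattern this article describes
    elif unknown_with_link and any(r.startswith("theme:") for r in reasons):
        verdict = "suspicious"             # familiar lure topic, no reply request
    else:
        verdict = "ok"
    return verdict, reasons

# Constructed sample messages: (body, sender_in_contacts)
SAMPLES = [
    ("USPS: your package is undeliverable. https://usps-redelivery.example/track "
     "Please reply with Y, then exit the SMS, reopen the SMS activation link, "
     "or copy the link to open in Safari.", False),
    ("Unpaid toll balance due today: https://tolls.example/pay", False),
    ("Running late, reply Y if you still want dinner", True),
    ("Your verification code is 482913", False),
]

if __name__ == "__main__":
    for body, known in SAMPLES:
        print(assess(body, known)[0], "|", body[:50])
```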
The growing threat from SMS phishing
This new tactic is part of a broader trend of phishing attacks via SMS targeting mobile phone users. With the increasing reliance on smartphones for various activities, including financial transactions and personal communications, these attacks pose a major threat to users’ security and privacy.
How to protect yourself
To protect against these sophisticated phishing attempts, consider the following steps.
1) Never respond to suspicious messages: Avoid responding to text messages from unknown senders, especially those that ask you to respond to activate links. In addition, make sure to delete suspicious text messages and block the sender to prevent further attempts. Since the sender is not in your contact list, you can click Report spam at the bottom of the text. Then click Delete and report junk mail. This will report the conversation as spam by sending it to your wireless carrier and Apple using your phone number.
2) Verify the sender’s identity: Contact organizations directly through official channels if you are unsure of the legitimacy of the message.
3) Be skeptical of urgency: Scammers often use urgent language to encourage quick and ill-considered action.
4) Enable message filtering: Use your device’s built-in filtering options to sort messages from unknown senders. Here are the steps:
- Open Settings
- Scroll down and click Applications
- Select Messages
- Turn on Filter out unknown senders
This feature allows you to automatically sort messages from unknown senders, easily filter unread messages and manage your message inbox more efficiently.
5) Use two-factor authentication (2FA): 2FA adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message or an authenticator app, in addition to your password. This significantly reduces the risk of unauthorized access, even if your password is compromised.
6) Have a powerful antivirus program: The best way to protect yourself from malicious links that install malware, and potentially access your private information, is to install antivirus software on all of your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection winners of 2025 for Windows, Mac, Android, and iOS.
7) Invest in personal data removal services: By reducing your online footprint, you make it harder for cybercriminals to get your contact information, which may prevent them from sending you these iMessage phishing messages in the first place. Although no service promises to remove all your data from the Internet, getting a removal service is great if you want to continuously monitor and automate the process of removing your information from hundreds of sites over a longer period of time. Check out my top picks for data removal services here.
What to do if you are targeted
If you suspect you have been the victim of a phishing attack:
- Report the incident to the relevant authorities and institutions
- Freeze your credit to prevent possible identity fraud
- Change passwords and PINs for all your accounts; consider using a password manager to create and store complex passwords
- Monitor your finances and online accounts for suspicious activity
- Use an identity theft protection service: Identity theft companies can monitor personal information such as your Social Security number, phone number, and email address and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of some identity theft protection services is that they have identity theft insurance of up to $1 million to cover losses, legal fees, and a fraud resolution team where a US-based case manager helps you recover any losses. Check out my tips and top picks on how to protect yourself from identity theft.
Kurt’s key takeaways
This latest scam targeting iMessage users is a reminder that even seemingly secure systems can be vulnerable to social engineering. By being vigilant and following digital security best practices, you can significantly reduce your risk of falling victim to these sophisticated phishing attempts.
What other cybersecurity challenges have you encountered with your mobile devices, and what questions do you have for us? Let us know by writing to us at Cyberguy.com/Contact.
Copyright 2024 CyberGuy.com. All rights reserved.