Cybercriminals are exploiting a trick to bypass Apple iMessage’s built-in phishing protection.
According to Bleeping Computer*, they send smishing (SMS phishing) messages from unknown senders, for which iMessage automatically disables links. However, if users reply to these messages or add the sender to their contact list, the links become enabled again.
Recently, there has been a surge in smishing attacks where users are tricked into replying to texts to re-enable links. These messages often ask users to reply with “Y” to activate the link. This tactic has been increasingly used over the past year. By replying, users not only enable the links but also signal to the attackers that they respond to phishing texts, making them more likely targets.
Cybercriminals have yet again worked out a simple security bypass: forcing people to reply to the message, which in turn enables the links. Smishing remains a huge attack vector, but most people tend to spot these messages from telltale signs or by immediately questioning their authenticity. However, some may still fall victim to the persuasion techniques used to manipulate people into a quick reply, which will enable a dodgy link.
Therefore, always avoid replying to messages from unknown contacts, as this could disable iMessage’s built-in protection and expose you to phishing attempts. Always verify the legitimacy of any message, whether in iMessage or on any other platform, before taking any action, especially if it requests sensitive information.
by Jake Moore, ESET
*ESET does not bear any responsibility for the accuracy of this information.