Apple iMessage users targeted by a new phishing campaign

January 28, 2025

A new phishing operation is targeting Apple iMessage users. According to reports, the operation tries to get around the software's built-in phishing protection for text messages by tricking users into re-enabling phishing links that iMessage has disabled.

Threat actors are increasing their smishing attacks against mobile phones, which people use for daily activities such as shopping, bill payments, and chatting. To protect users from such activity, Apple's iMessage automatically disables links in messages from unknown senders, regardless of whether the sender is an email address or a phone number.

However, Apple explained in response to an inquiry that if a user replies to a message or adds the sender to their contact list, the links will be enabled.

The phishing campaign tricks Apple iMessage users.

A surge of smishing attacks in recent months has been targeting Apple iMessage users, who are being fooled into responding to a text message to reactivate links.

According to investigations, unknown senders sent SMS messages about fake USPS shipping issues and unpaid road tolls, and iMessage automatically disabled the links. Neither of these phishing lures is novel, but these smishing texts urge users to respond with “Y” to enable the link.

Because users are accustomed to texting STOP, YES, or NO to confirm appointments or opt out of text messages, threat actors exploit this familiar habit and instruct the recipient to reply to the text, which in turn enables the links.

The reply enables the links again and turns off iMessage’s built-in phishing protection for that text. Even if a user does not click on the newly enabled link, responding tells the attackers that this person commonly responds to unknown SMS messages, marking them as a prospective target.
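As an added example (not from the original article or from Apple), the sketch below triages inbound texts for the reply-to-enable lure described above. The regular expressions, verdict labels, and sample messages are constructed assumptions, and the link rule is modelled only as the article states it.

```python
import re
from dataclasses import dataclass

# Links with an explicit scheme or www. prefix (bare domains are out of scope here).
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
# A prompt to answer with "Y"/"YES", e.g. 'Reply Y' or 'respond with "Y"'.
REPLY_RE = re.compile(
    r"\b(?:reply|respond|answer)\b(?:\s+with)?\s+[\"'“]?(?:Y|YES)\b", re.I)


@dataclass
class Message:
    sender: str  # phone number or email address
    body: str


def triage(msg, contacts, replied_to):
    """Classify one inbound text using the link rule described in the article."""
    if msg.sender in contacts:
        return "known-sender"       # links are enabled for saved contacts
    if not URL_RE.search(msg.body):
        return "no-link"            # nothing for the protection to disable
    if msg.sender in replied_to:
        return "protection-lifted"  # an earlier reply re-enabled this sender's links
    if REPLY_RE.search(msg.body):
        return "reply-bait"         # asks for the reply that would enable the link
    return "link-disabled"          # unknown sender, link stays inactive


# Constructed sample data: fictitious numbers and reserved .example domains.
CONTACTS = {"+15550100003"}
REPLIED_TO = {"+15550100002"}
SAMPLES = [
    Message("+15550100001", "USPS: package on hold. Reply Y, then reopen this "
            "message to use the link: https://usps-redelivery.example/track"),
    Message("tolls@notice.example",
            "Unpaid toll balance. Pay now at https://toll-pay.example/invoice"),
    Message("+15550100002",
            "Thank you. Finish redelivery at https://usps-redelivery.example/track"),
    Message("+15550100003", "Dinner at 7? https://maps.example/place"),
    Message("+15550100004", "Reply YES to confirm your appointment on Friday."),
]


def run_samples():
    return [triage(m, CONTACTS, REPLIED_TO) for m in SAMPLES]


if __name__ == "__main__":
    for m, verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:18} {m.sender}")
```

The third sample shows why a single reply matters: once the sender is in the replied-to set, later links from that sender are no longer held back.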

While most regular users know and recognise these phishing messages, older adults may still be the most susceptible to these activities.

These demographics are therefore frequent targets of phishing messages that prompt them to provide personal, credit card, or other information, which the attackers then steal. To stay safe, users should avoid or limit engaging with unsolicited messages from unknown sources.

The younger generation proficient in modern technology should take time to teach or raise awareness among older people about the dangers of unwanted messages to help them avoid being victimised by cybercriminal activities.
