Hackers have devised a simple text scam to bypass Apple’s iPhone protections
The more we use our iPhones to chat, the more smishing (SMS phishing) attacks try to trick us into compromising our accounts. According to research by Bleeping Computer, the latest wave of attacks is simple but includes serious efforts to bypass Apple’s way of protecting users from using bad web links.
The whole scheme merely attempts you to reply to a text, even if it’s simply with a Y. Why? So the link in the original text will become active.
Here’s how it works. When an Apple user gets a text message from an unknown user, any web links in the message are disabled to cut down on users unknowingly using a malicious link. However, as Bleeping Computer confirmed with Apple, if the user replies to the text, the links become enabled.
Even if you do reply but do not open the link, the sender is now acknowledged by iMessage as known to you. That means that the attacker could send further smishing messages in the future, and those messages will have links that can be activated within the message, increasing your risk. The link could contain adware or spyware, or lead to a website that prompts you to input login information.
With text messages used frequently for notifications, it’s easy for even the most aware user to mistakenly trigger a phishing attack. The best way to avoid being a victim is to never reply to a text message with disabled links from an unknown sender. If you used a service through an app, check the app for updates, or contact the service directly. If you have a tracking number, the service will likely have a website where you can track the status of your order.
How to protect yourself from hacker attacks
Text messaging is convenient, but it also leaves you vulnerable to attack. Don’t use links in text messages whenever possible; always check the URL if you absolutely need to use the link. Attackers will disguise fake domains to look like legitimate ones. Apple has protections in place within its operating systems and the company releases security patches through OS updates, so it’s important to install them when they are available.
Macworld has several guides to help, including a guide on whether iPhones are virus-proof, how to remove a virus from an iPhone or iPad, whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.