{"id":25669,"date":"2025-01-13T08:10:05","date_gmt":"2025-01-13T16:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2025\/01\/13\/news-19392\/"},"modified":"2025-01-13T08:10:05","modified_gmt":"2025-01-13T16:10:05","slug":"news-19392","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2025\/01\/13\/news-19392\/","title":{"rendered":"iMessage text gets recipient to disable phishing protection so they can be phished"},"content":{"rendered":"\n<p>A <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2021\/04\/what-is-smishing-the-101-guide\">smishing (SMS phishing)<\/a> campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple&#8217;s built-in phishing protection.<\/p>\n<p>For months, iMessage users have been posting <a href=\"https:\/\/x.com\/reportsmishing\/status\/1775817804077244739\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">examples<\/a> online of how phishers are trying to get around this protection. And now the campaign is gaining traction, according to our friends at <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/phishing-texts-trick-apple-imessage-users-into-disabling-protection\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BleepingComputer<\/a>.<\/p>\n<p>It works like this: Under normal circumstances, iMessage will disable all links in messages from unknown senders to protect the user against clicking them by accident. 
However, if a user replies to a message or adds the sender to their contact list, the links are enabled, allowing the person to click on the link.<\/p>\n<p>The text of the messages comes in all the variations that phishers love to use:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/04\/usps-your-package-could-not-be-delivered-text-is-a-smishing-scam\">Undeliverable packages<\/a> from USPS, EVRI, Royal Mail, DHL, FedEx, etc.<\/li>\n<li><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/08\/sms-scammers-use-toll-fees-as-a-lure\">Unpaid road toll<\/a>.<\/li>\n<li>Owed shipping fees.<\/li>\n<li>Other outstanding payments that you are unaware of.<\/li>\n<\/ul>\n<p>But they all end in a similar way to this:<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"411\" height=\"163\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2025\/01\/instructions.jpg\" alt=\"smishing instructions\" class=\"wp-image-147561\" \/><\/figure>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201c(Please reply Y, then exit the SMS, re-open the SMS activation link, or copy the link to open in Safari)\u201d<\/p>\n<\/blockquote>\n<p>Replying with Y (or actually anything) will enable the links and turn off iMessage&#8217;s built-in phishing protection. Clicking the link will then lead the recipient to whatever malicious website the phisher had in mind. 
Even if the user just replies with \u201cY\u201d and then decides not to follow the link\u2014because it looks slightly off\u2014the phishers will know that they have found a likely target for more attacks.<\/p>\n<p>It&#8217;s also important to know that there are similar instructions for the Chrome browser:<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"370\" height=\"139\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2025\/01\/instructions2.jpg\" alt=\"Chrome instructions \" class=\"wp-image-147562\" \/><\/figure>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cReply with 1, exit the SMS message, and reopen the SMS activation link, or copy the link to Google Chrome to open it.)\u201d<\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\" id=\"h-how-to-avoid-smishing-scams\">How to avoid smishing scams<\/h2>\n<ul>\n<li>Never reply to suspicious messages, even if it\u2019s only a \u201cY\u201d or \u201c1.\u201d It will tell the phishers they have a live number and they will bombard you with more attempts. <\/li>\n<li>Never add a number you don&#8217;t know to your Contacts as that will disable the iMessage protection as well.<\/li>\n<li>Don\u2019t assume any message is the real deal. If you\u2019re being asked to do something, contact the company directly via a known method you trust. If it turns out to be a fake, you should be able to report it to them, there and then.<\/li>\n<li>If you live somewhere with a Do Not Call list or spam reporting service, make full use of it. Report bogus messages and numbers.<\/li>\n<li>Your mobile device may already have some form of \u201csafe\u201d message ID enabled without you knowing. 
It\u2019s tricky to give specific advice here because of the sheer variety of options available across phone models, but the Options \/ Safety \/ Security \/ Privacy menus are a good place to start.<\/li>\n<li>Check the link before you click it or copy it into your browser. Is it exactly what you would expect it to be? Scammers often use <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2016\/06\/explained-typosquatting\">typosquatting<\/a> techniques (for example evri[.]top instead of the legitimate evri[.]com), or they fabricate a link that uses the subdomain to make it look legitimate (for example usps.com-track.infoam[.]xyz). If it doesn&#8217;t look real, then don&#8217;t click on it.<\/li>\n<li>If a message sounds too good (or bad) to be true, it probably is.<\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide\" \/>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2025\/01\/imessage-text-gets-recipient-to-disable-phishing-protection-so-they-can-be-phished\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Smishing messages that come with instructions to bypass iMessage&#8217;s protection against links are on the rise <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,32,32288,32289,12795,15550],"class_list":["post-25669","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-news","tag-reply","tag-shortened-urls","tag-smishing","tag-typosquatting"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25669"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25669\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25669"},{"taxonomy":"post_tag","embeddable":
true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}