Be careful, hackers have found a way to bypass Apple’s security systems against phishing on iPhone. They send malicious SMS messages that disable an essential function.
Online savings and credits, false unpaid fine, retirement, expired Netflix subscription, Vitale card to renew, taxes, Mondial Relay parcels… Scammers use all means and all possible reasons when it comes to take your money! And for that, they love to send fraudulent SMS or emails to their potential victims by pretending to be an official organization or company.
To best protect its users, Apple’s iMessage application includes a function that automatically disables links in messages from unknown senders and stores those that may be dangerous in a special folder without any notification. A measure that helps prevent accidental clicks redirecting to fraudulent sites, which could potentially contain computer viruses. But there is a loophole that allows cybercriminals to bypass this security system. Indeed, Apple indicated to Bleeping Computer that if a user responds to this type of message or adds the sender to their contact list, the links will be activated, opening the way to fraud of all kinds.
iMessage phishing: an easily deactivated option
To encourage users to respond, and therefore deactivate Apple’s blocking system, the hackers directly ask users to respond with “Y” or “O” to activate the link. “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open”we can for example read in the smishing messages. As users are accustomed to typing STOP, YES or NO to confirm appointments or unsubscribe from SMS messages, cybercriminals rely on this reflex to encourage their victims to respond.
In addition, it remains dangerous even if the targeted person does not click on the compromised link, because responding to the phishing SMS signals to hackers that they read messages of this type and are therefore an easy target. In short, it’s like shouting “Rip me off!”
Also, it is better to avoid responding to messages from unknown contacts and check the authenticity of a message before making a decision. In case you have disabled iMessage protection, go to Settings > Apps > Messages > Message filtering > Enable Filter unknown senders.
If you are ever the target of an online or SMS scam, forward the message to Signal Spam immediately, Pharosor directly to 33,700the platform specializing in reporting scams. You can also report these fraudulent messages to the site internet-signalement.gouv.fr. Then block the sender’s number to no longer be bothered and delete the message in question. If necessary, you can also consult the website www.cybermalveillance.gouv.frwhich will remind you of the main precautionary measures to adopt when dealing with fraudulent SMS messages.