iPhone users are experiencing a surge in so-called “smishing” attacks that encourage them to disable basic iMessage protections, according to the cybersecurity news site BleepingComputer. Once Apple’s scam guardrails are removed, users are more susceptible to suspicious links that extract personal information from their phones.
Smishing, short for SMS phishing, involves text messages that appear to come from reputable figures or organizations despite their nefarious origin. Like any phishing attack, smishing typically targets a wide range of sensitive information, from passwords and Social Security details to bank account and credit card numbers. Rather than requesting personal details outright, smishing texts tend to include URLs that, when clicked, install malware on the target device or obtain information about the device itself.
To protect iPhone users from smishing attacks, Apple automatically disables links sent within new iMessage conversations from phone numbers that aren’t in the target’s contact list. But responding to the text—or adding the phone number to one’s contacts—enables the links. This means baiting an iMessage user starts with one simple step: getting the user to reply.
Many of us are accustomed to responding “STOP” or “NO” to spam messages, especially after a major election cycle, when messages about voting and fundraising fill nearly every text inbox. When it comes to smishing, these responses do more harm than good. Though some smishing attempts ask targets to “reply Y,” attackers know that many text message recipients are likely to respond in a way that seems to end the conversation, but actually enables suspicious links. From there, all the target has to do is tap the URL.
I received my very own smishing text last month. Lucky me!
Credit: Adrianna Nine
“Even if a user doesn’t click on the now-enabled link, the act of replying tells the threat actor that they now have a target that responds to phishing texts, making them a bigger target,” says BleepingComputer owner and editor Lawrence Abrams.
Like most scams, many smishing attempts prey on the average person’s desires and fears. Mild smishing texts claim to come from the US Postal Service, which allegedly couldn’t deliver a parcel to the target’s address. Others allege that the target has forgotten to pay a toll and will be fined, or even sued, if they fail to pay. Regardless of the guise under which a smishing attempt operates, it always includes a seemingly convenient link, which the target can purportedly use to fix their problem.
The best thing a smishing target can do after receiving a text like this is to ignore and delete it, Abrams says. iMessage users who delete suspicious texts without replying can report the conversation as junk to Apple, though it’s unclear what exactly Apple does with reported message data.
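The link-disabling behaviour and the reply-bait pattern described above can be modelled for triaging exported message data. This is an added example, not code from Apple or BleepingComputer; the phone numbers, URLs, message texts and function names are constructed, and the reply-phrase pattern is an assumed heuristic.

```python
import re
from dataclasses import dataclass, field

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
# Assumed heuristic: wording that asks the recipient to answer the text.
REPLY_RE = re.compile(
    r"\b(?:reply|respond)\s+(?:with\s+)?\W?(?:y|yes|stop|no)\b", re.I)

@dataclass
class Conversation:
    sender: str
    inbound: list                       # texts received from the sender
    outbound: list = field(default_factory=list)  # replies the user sent

def links_enabled(conv, contacts):
    """Model of the behaviour the article describes: links from an unknown
    sender stay disabled until the user replies or saves the number."""
    return conv.sender in contacts or bool(conv.outbound)

def triage(conv, contacts):
    """Classify a conversation as 'reply-bait', 'unknown-link' or 'ok'."""
    if conv.sender in contacts:
        return "ok"
    text = " ".join(conv.inbound)
    if not URL_RE.search(text):
        return "ok"
    # Unknown sender + link + a prompt to answer: the reply is what
    # would turn the disabled link into a tappable one.
    return "reply-bait" if REPLY_RE.search(text) else "unknown-link"

# Constructed sample data (not real numbers, domains or messages).
CONTACTS = {"+15550100003"}
BAIT = Conversation("+15550100001", [
    "USPS: parcel on hold. Reply Y, then reopen this text and use "
    "https://example.invalid/redeliver"])
PLAIN = Conversation("+15550100002", [
    "Your table is booked: https://example.invalid/booking"])
FRIEND = Conversation("+15550100003", [
    "Photos from Saturday: https://example.invalid/album"])

if __name__ == "__main__":
    for c in (BAIT, PLAIN, FRIEND):
        print(c.sender, triage(c, CONTACTS),
              "links enabled:", links_enabled(c, CONTACTS))
    BAIT.outbound.append("STOP")  # any reply at all flips the state
    print("after replying STOP:", links_enabled(BAIT, CONTACTS))
```

In the model, a "STOP" reply has the same effect on link state as the "Y" the sender asked for, which is why the advice is to delete without answering.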