How Scammers Exploit Apple iMessage by Disabling Phishing Protection

Jimmy Jing

15 Jan 2025 — 1 min read

iPhone displaying phishing message in iMessage

Scammers targeting Apple iMessage users with phishing, also known as smishing, have devised a new tactic to undermine Apple's built-in security measures. According to recent findings, these scams have intensified since last summer, with an even greater influx over the recent months, endangering the individuals' data privacy.

Exploiting iMessage Security

Apple's default security settings automatically disable any links in text messages from unknown senders, encompassing URLs, email addresses, and phone numbers. This protection is nullified if the recipient replies to the message or adds the sender to their contact list, thereby activating the otherwise disabled links—a vulnerability that scammers are exploiting.

Common Phishing Techniques

Phishing schemes often include fake USPS missed delivery notifications or claims of outstanding highway tolls. Intriguingly, these messages typically instruct the user: "Please reply Y, then exit the text message and open it again to activate the link, or copy the link to your Safari browser and open it." Such actions inadvertently disable phishing protection by validating the message and its contents.

Typing any response whatsoever, even terms like Stop or Cancel, inadvertently deactivates built-in defenses, allowing harmful links to redirect users to malicious websites or download malware designed to harvest sensitive personal information.

The Perils of Validating Phone Numbers

Even without falling prey to the deception, any reply to a phishing message verifies the user's phone number to scammers, inevitably leading to more unwanted messages and attempted scams.

Protective Measures

To mitigate these risks, users should never respond to unexpected messages from unknown senders. Instead, promptly delete and report these messages as junk to both Apple and your telecom provider. For added assurance, directly contact the purported sender—such as USPS or any mentioned entity—through verified contact information to verify the legitimacy of any such communication.

Security Enhancements

Consider utilizing VPN services for added security when browsing online.
Activate Private DNS Mode on your device for enhanced privacy measures.
Install reputable antivirus software to protect against possible threats.
Utilize VPN routers for secure internet access.
Stay vigilant about spyware and learn how to identify and remove it from your devices.

Will RedNote get banned in the US?

There’s a certain irony in the recent wave of TikTok users transitioning to RedNote. Originally, the clause to either divest or ban TikTok was aimed at curbing the influence of foreign-owned social networks potentially susceptible to the Chinese government's control. However, the move has unintentionally led users

Apple Temporarily Suspends Notification Summaries in iOS 18.3 Beta

Apple has announced a temporary suspension of the notification summaries feature for news and entertainment applications in its latest iOS 18.3 developer beta. This decision was confirmed following reports highlighting inaccuracies in content summarizations, which stemmed from the Apple Intelligence platform. In response to criticisms over these inaccuracies, particularly

Biden punts the TikTok ban to Trump

The Biden administration has declared that it will defer dealing with the controversy surrounding the TikTok ban to President Donald Trump, who will be stepping into office shortly. A White House official clarified, “Our position on this has been clear: TikTok should continue to operate under American ownership. Given the

Sony Launches Black PlayStation 5 Accessories for Preorder

In conjunction with the recent CES event, Sony has unveiled a selection of black PlayStation 5 accessories, which are now open for preorder before they hit the shelves on February 20th. The new lineup features a variety of items, including the DualSense Edge controller priced at $199.99, the Pulse