Apple iMessage Security Flaw Exploited in Sophisticated Phishing Scam


A new phishing campaign targeting iPhone users is built around getting the victim to undo one of iMessage's built-in protections for them, using nothing more than a deceptive text message.

BleepingComputer reports a surge in SMS phishing (smishing) attacks that are specifically designed around iMessage's handling of links from unknown senders. When a message arrives from a number that is not in the recipient's contacts and that the recipient has never replied to, iMessage renders any link in it as plain, non-tappable text, so the user cannot open a potentially malicious URL with a single tap.

The scammers' tactic is simple but effective: they ask the recipient to reply to the message, usually with a single "Y". What many users don't realize is that replying to an unknown sender marks that thread as an accepted conversation, and iMessage then stops disabling links in it.

A typical scam message includes instructions like: "Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it."

The phishing messages frequently masquerade as urgent communications from legitimate organizations, such as:

  • Package delivery notifications
  • Unpaid toll notices
  • Account suspension warnings
  • Payment requests

Once the user replies, every link in that conversation, including those in earlier messages, becomes tappable, and the scammer can direct the victim to a fraudulent website built to harvest personal and financial information. Note the fallback instruction in the message above: copying the link into Safari by hand works whether or not the victim ever replies, so the link-disabling feature should be treated as a speed bump rather than a control.
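The lure described above has a recognisable shape: a request to reply "Y", instructions to close and reopen the thread or to copy the link into Safari, a URL, and an urgency theme such as a delivery or toll. The following is an added example, not code from the original article or from Apple, showing how a message-filtering or security-awareness tool might score SMS text for that pattern. The regular expressions, weights, thresholds and sample messages are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Heuristic signals for the "reply Y" smishing lure. These patterns and the
# weights below are assumptions chosen for illustration, not published rules.
REPLY_PROMPT = re.compile(
    r"\b(?:reply|respond|text\s+back|answer)\s+(?:with\s+)?(?:y|yes|1)\b", re.I)
# "copy the link to Safari browser": works even if the victim never replies.
COPY_TO_BROWSER = re.compile(
    r"\b(?:copy|paste)\b.{0,40}?\b(?:safari|browser|chrome)\b", re.I)
# "exit the text message, reopen ...": the step that makes links tappable.
REOPEN_HINT = re.compile(r"\b(?:exit|close)\b.{0,30}?\b(?:re-?open|open)\b", re.I)
URL = re.compile(
    r"(?:https?://|www\.)\S+"
    r"|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|info|top|xyz|vip|cc|icu)\b(?:/\S*)?",
    re.I)
# Urgency themes the article lists: delivery, tolls, account status, payments.
LURES = {
    "delivery": re.compile(r"\b(?:package|parcel|deliver(?:y|ed)|usps|ups|fedex|dhl)\b", re.I),
    "toll": re.compile(r"\b(?:tolls?|fastrak|e-?zpass|sunpass)\b", re.I),
    "account": re.compile(r"\b(?:account|suspend(?:ed)?|locked|verify)\b", re.I),
    "payment": re.compile(r"\b(?:payment|pay|unpaid|overdue|invoice|fee)\b", re.I),
}
WEIGHTS = {"reply_prompt": 3, "copy_to_browser": 3, "reopen_hint": 1, "url": 1}


@dataclass
class Analysis:
    score: int
    signals: list
    lures: list
    verdict: str


def analyze(text: str) -> Analysis:
    """Score one SMS/iMessage body for the reply-to-enable-links lure."""
    signals = []
    if REPLY_PROMPT.search(text):
        signals.append("reply_prompt")
    if COPY_TO_BROWSER.search(text):
        signals.append("copy_to_browser")
    if REOPEN_HINT.search(text):
        signals.append("reopen_hint")
    if URL.search(text):
        signals.append("url")
    lures = [name for name, pat in LURES.items() if pat.search(text)]
    # Lure keywords are weak on their own (legitimate notices use them too),
    # so they add at most 2 points; the reply/copy instructions dominate.
    score = sum(WEIGHTS[s] for s in signals) + min(len(lures), 2)
    if score >= 5:
        verdict = "likely smishing"
    elif score >= 3:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return Analysis(score, signals, lures, verdict)


# Constructed sample messages (not real captures). The first reuses the
# instruction wording quoted in the article on top of a delivery lure.
SAMPLE_MESSAGES = [
    "USPS: Your package could not be delivered due to an incomplete address. "
    "Please reply Y, then exit the text message, reopen the text message "
    "activation link, or copy the link to Safari browser to open it. "
    "https://usps-redelivery.example-parcel.top/track",
    "Your monthly account statement is ready to view at "
    "https://www.bank.example/statements. Reply STOP to opt out.",
    "FasTrak Final Notice: you have an unpaid toll of $6.99. "
    "Pay now to avoid a late fee: fastrak-pay.vip",
]


def scan(messages):
    """Return (verdict, score) for each message, for batch triage."""
    return [(a.verdict, a.score) for a in map(analyze, messages)]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        result = analyze(msg)
        print(f"{result.verdict:16} score={result.score} "
              f"signals={result.signals} lures={result.lures}")
```

The reply prompt and the copy-into-Safari instruction carry most of the weight because they are what distinguishes this lure from an ordinary notification: a genuine delivery or toll notice has no reason to ask the recipient to reply "Y" or to paste its link into a browser by hand. The third sample shows why lure keywords alone only reach "suspicious": they identify the theme, not the bypass.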

Security experts advise iPhone users to:

  • Never respond to unexpected messages from unknown senders
  • Avoid clicking on links in suspicious messages
  • Contact companies directly through official channels to verify any urgent requests
  • Delete suspicious messages immediately

The campaign has shown increased activity since summer 2023, with no signs of slowing down. Users are reminded that legitimate businesses typically don't request sensitive information or immediate action through text messages.

Apple has confirmed that this behavior is part of iMessage's design, where responding to an unknown sender or adding them to contacts will disable the protective link-blocking feature for that conversation.