- Scammers have a new trick up their sleeve and they are using it on iPhone users.
- They tell you to reply to their text messages, which disables Apple’s scam protection.
- Fortunately, there are some ways to stay safe.
Apple has integrated several scam protection tools into iOS, one of which disables links in SMS messages if the text comes from an unknown number. However, it appears that scammers have found a way to bypass these defenses and send you dangerous links, despite Apple’s best efforts.
As noted by Bleeping Computer, the links are re-enabled if you reply to a message from an unknown source, since Apple assumes that replying means you trust the sender enough to also trust the URLs they’ve included.
However, scammers have caught on to this and now instruct their victims to reply to the message and then click on the reactivated links. For example, a scam message seen by Bleeping Computer contained a phishing link (which had been disabled), with the following text underneath:
“Reply Y, then exit the text message, reopen the activation link in the text message, or copy the link to the Safari browser to open it.”
The idea seems to be that people are so used to responding to automated text messages with things like “YES” and “NO” that they will automatically do the same to phishing messages, thus allowing potentially dangerous links to work again.
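For anyone who triages reported texts or runs an SMS filter, the pattern described above (an unknown sender, a link, and an instruction to reply and then reopen the link) can be flagged automatically. The following Python is an added example, not code from Apple or Bleeping Computer; the regular expressions, verdict labels and sample messages (including the example.invalid URLs) are assumptions constructed for illustration.

```python
import re

# Heuristic patterns: assumptions chosen for this example, not a vendor rule set.
URL_RE = re.compile(r"https?://\S+|\bwww\.\S+", re.I)
# "Reply Y", "Reply YES", "Respond with 1" ... but not "Reply STOP".
REPLY_RE = re.compile(
    r"\b(?:reply|respond|text back)\b\s+(?:with\s+)?[\"'“]?(?:y|yes|1|ok)\b", re.I
)
# Instructions to leave the thread and come back to the link afterwards.
REOPEN_RE = re.compile(
    r"\b(?:reopen|re-open|exit the (?:text|message)|copy the link)\b", re.I
)


def triage(body: str, sender_in_contacts: bool) -> str:
    """Classify one SMS body.

    Mirrors the trust model in the article: links only matter here when the
    sender is unknown, and the lure is a link plus a prompt to reply/reopen.
    """
    has_link = bool(URL_RE.search(body))
    asks_reply = bool(REPLY_RE.search(body))
    asks_reopen = bool(REOPEN_RE.search(body))

    if sender_in_contacts or not has_link:
        return "ok"
    if asks_reply or asks_reopen:
        return "reply-to-enable-lure"
    return "link-from-unknown-sender"


# Constructed sample messages: (body, sender_in_contacts).
SAMPLES = [
    ("Your parcel is on hold: https://example.invalid/activate "
     "(Reply Y, then exit the text message, reopen the activation link "
     "in the text message, or copy the link to the Safari browser to open it.)",
     False),
    ("Your appointment is tomorrow at 10:00. Reply YES to confirm.", False),
    ("Track your parcel at https://example.invalid/t/123", False),
    ("Dinner at 7? Menu here: https://example.invalid/menu Reply Y if you're in", True),
]

if __name__ == "__main__":
    for body, known in SAMPLES:
        print(f"{triage(body, known):26} {body[:60]}")
```

A plain "Reply YES to confirm" with no link is left alone on purpose, since that is the legitimate habit the scam imitates; only the combination with a link from an unknown sender is flagged.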
How to stay safe
If you receive an unexpected message from an unknown source and see that the text contains links, do not respond. Doing so will make the links active again, but simply ignoring the text (and reporting it as spam) will ensure that you don’t fall victim to it.
If you’re not sure whether a message is genuine or not, the advice remains the same: don’t reply. Instead, contact the company directly using their official channels. This will put you in touch with a legitimate employee who will be able to tell you whether the message you received is trustworthy or not.
Even if you don’t click on any suspicious links in the text, simply replying to the message will tell the scammer that your number is active and that you’re willing to engage with phishing messages, making you an attractive target.
It is better to be safe than sorry in these situations. If you were sent a text message that you were not expecting from a sender who claims to be an official source, it is better to be cautious rather than take unnecessary risks. If in doubt, just report it and don’t interact with it.