
How scammers are tricking iMessage users into disabling security protection



iPhone users are being warned about a surge in scam attacks via text messaging.

Cybercriminals are sending texts via iMessage, tricking users into disabling Apple’s built-in phishing protection and allowing access to dodgy links.

With people increasingly using their phones to pay bills, shop, book services and conduct business, smishing (SMS phishing) has become a popular way for scammers to target their victims.

To protect users, Apple automatically disables links in iMessages sent from unknown senders.

However, if a user replies to the text or adds the sender to their contact list, the links will be enabled.

According to cybersecurity news site BleepingComputer, there has been a surge in smishing attacks over the past two months where the scammer encourages the user to reply to the text so the link is enabled.

It gave two examples, a fake unpaid road toll text and a fake USPS shipping issue.

Both were from unknown senders, so iMessage automatically disabled the links.


However, the messages ask users to reply with ‘Y’ to enable the link.

One of them says: ‘Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it.’

It’s become common practice for phone users to type Y or N, YES or NO, or STOP to confirm or opt out of something, so by using this method criminals hope people will assume the scams are legitimate.

Once they click the link the user is often encouraged to share bank details.

Even if the user doesn’t click on the link, just by replying to the text the scammer knows they’re more vulnerable to attacks and may continue to target the individual.

Many people will be able to recognise the texts as fake, but some may not.

One of the texts mentioned by BleepingComputer, for example, was received by an older person who was unsure if it was legitimate.

Anyone who receives a message from an unknown sender with a disabled link and a request to reply to the message should avoid doing so.

Instead, contact the organisation or company the sender is purporting to be directly and ask if it sent the message.

Earlier this month all Android or iPhone users were urged to check the security of their devices amid a wave of cyber attack incidents.

Google, for example, issued a ‘severe’ alert over 51 bugs which could expose devices to cybercriminal attack, amid high profile attacks on Transport for London and the NHS’s systems.
