- Scammers have a new trick up their sleeve and are using it on iPhone users
- They ask you to reply to their text messages, which disables Apple's fraud protection
- Luckily, there are a few ways you can stay safe
Apple has integrated several fraud protection tools into iOS. One of them disables links in SMS messages if the text comes from an unknown number. However, it looks like despite Apple's best efforts, scammers have found a way to get around these defenses and send you dangerous links.
As noted by Bleeping Computer, when you reply to a message from an unknown source, links are reactivated because Apple assumes that replying means you trust the sender enough to also trust the URLs contained within.
However, scammers have taken advantage of this by instructing their victims to reply to their message and then click on the reactivated links. For example, a scam message seen by Bleeping Computer contained a phishing link (which was disabled) with the following text underneath:
“Please reply “Y,” then end the text message, reopen the link to activate the text message, or copy the link to the Safari browser to open it.”
The idea seems to be that people are so used to replying to automated text messages with things like “YES” and “NO” that they automatically do the same with the phishing messages, making potentially dangerous links work again.
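The trick described above combines three signals: an unknown sender, a link, and an instruction to reply. The sketch below is an added example, not code from Apple or Bleeping Computer, and shows how a message filter could flag that combination. The regular expressions, verdict names, phone numbers and URLs are assumptions made for illustration.

```python
import re

# Assumed heuristics for illustration; this is not how iOS decides anything.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
# "reply Y", "respond with 'YES'", "reply 1" and similar short confirmations.
REPLY_RE = re.compile(
    r"\b(?:reply|respond)\b(?:\s+with)?\s*[\"'“”‘’]?\s*(?:y|yes|1|ok)\b", re.I)
# Follow-up instruction to reopen the thread or paste the link into a browser.
REOPEN_RE = re.compile(r"\b(?:reopen|re-open|copy)\b.{0,40}\blink\b", re.I | re.S)


def classify_sms(sender, body, known_senders):
    """Return (verdict, reasons) for one inbound message."""
    if sender in known_senders:
        return "ok", ["sender is a known contact"]
    reasons = []
    has_link = bool(URL_RE.search(body))
    asks_reply = bool(REPLY_RE.search(body))
    if has_link:
        reasons.append("link from unknown sender (disabled until the user replies)")
    if asks_reply:
        reasons.append("asks for a short reply")
    if REOPEN_RE.search(body):
        reasons.append("tells the user to reopen or copy the link")
    # The lure needs both parts: a disabled link and a prompt to reply.
    if has_link and asks_reply:
        return "lure", reasons
    return ("caution" if has_link else "ok"), reasons


# Constructed samples; numbers and URLs are placeholders.
KNOWN = {"+15550100"}
SAMPLES = [
    ("+15550199", "Your parcel is on hold: https://example.invalid/t "
                  "Please reply “Y,” then end the text message, reopen the link "
                  "to activate the text message, or copy the link to the Safari "
                  "browser to open it."),
    ("+15550198", "Your parcel is on hold: https://example.invalid/t"),
    ("+15550197", "Reply YES to confirm your appointment on Friday."),
    ("+15550100", "Photos from the weekend: https://example.invalid/a reply Y if ok"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        verdict, reasons = classify_sms(sender, body, KNOWN)
        print(f"{sender}: {verdict} ({'; '.join(reasons) or 'no findings'})")
```

The third sample is the ordinary "Reply YES" prompt people are used to; it is not flagged because it carries no link.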
How to stay safe
If you receive an unexpected message from an unknown source and notice that the text contains links, do not respond to it. Replying will make the links active again, whereas simply ignoring the text (and reporting it as spam) can ensure you don't fall victim to it.
If you're not sure whether a message is real or not, the advice remains the same: don't respond to it. Instead, contact the company directly through its official channels. This will put you in touch with a legitimate agent who can tell you whether the message you received is trustworthy or not.
Even if you don't click any suspicious links in the text, simply replying to the message signals to the scammer that your number is active and that you are willing to interact with phishing messages, making you an inviting target.
In such situations it is better to be safe than sorry. If you received an SMS that you did not expect from a sender claiming to be an official source, you should be careful and not take unnecessary risks. If in doubt, just report it and don't interact with it.