Cybercriminals are using a simple tactic to bypass Apple iMessage's built-in phishing protection: tricking users into re-enabling links that iMessage has disabled in a phishing message. The technique relies on a learned user habit rather than any software flaw, and its goal is the usual one for smishing, luring the victim to a credential- or payment-harvesting page.
How iMessage Phishing Protection Works
Apple's iMessage automatically disables links in messages received from unknown senders, whether the sender is identified by an email address or a phone number. With the link inactive, a user cannot tap a malicious URL by accident.
However, Apple has confirmed that if the user replies to such a message, or adds the sender to their contacts, the links become active again. Either action tells iMessage the sender is now known, which effectively switches off the phishing safeguard for that conversation.
The Cybercriminals’ Strategy
Tricking Users into Responding
Recent smishing (SMS phishing) campaigns use familiar lures to get users to reply to the message. Common examples include:
- Fake USPS shipping issues
- Unpaid toll notifications
These messages often ask users to reply with “Y” or similar responses. For example:
“Please reply Y, then exit the text message, reopen the activation link, or copy the link to Safari browser to open it.”
By replying, the user inadvertently marks the sender as known, which re-enables the previously disabled links and makes them tappable. The message's instructions to "exit" and "reopen" exist precisely because the link only becomes active after the reply has been sent.
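The two-step lure described above (a request to reply "Y", followed by instructions to reopen or copy the link) is distinctive enough to be flagged in text. The following is an added example, not code from the original article or from Apple: a small rule-based triage function that a mail/SMS filtering hook or a SOC analyst could run over message bodies. The sample messages are constructed for the demo and are not real campaign data; the regexes and thresholds are assumptions, not an Apple or carrier implementation.

```python
import re

# Constructed sample messages for the demo (not real campaign data).
SAMPLES = {
    "usps": (
        "USPS: your package cannot be delivered due to an incomplete address. "
        "Please reply Y, then exit the text message, reopen the activation link, "
        "or copy the link to Safari browser to open it. "
        "https://usps-redelivery.example/track"
    ),
    "toll": (
        "FastTrak: you have an unpaid toll of $4.15. Reply YES then re-open "
        "this link to avoid a late fee: http://toll-pay.example/invoice"
    ),
    # Benign messages that also ask for a reply, but never ask the user to
    # reopen a link after replying.
    "appt": "Reminder: your dental appointment is tomorrow at 9:00. "
            "Reply YES to confirm or NO to reschedule.",
    "optout": "Weekly deals from Shop. Reply STOP to unsubscribe.",
    "friend": "hey, see you at 7? https://maps.example/place",
}

# A prompt to send a short affirmative reply ("reply Y", "reply with 'yes'").
REPLY_PROMPT = re.compile(
    r"\breply\s+(?:with\s+)?[\"']?(?:y|yes|1|ok)\b", re.I
)
# Instructions that only make sense if the link is inactive until the reply
# has been sent: exit/reopen the message, copy the link into a browser.
REOPEN_HINT = re.compile(
    r"\b(?:re-?open|exit the (?:text )?message|copy the link"
    r"|paste (?:the|this) link|open (?:it )?in safari)\b",
    re.I,
)
URL = re.compile(r"\bhttps?://\S+", re.I)


def score_message(text):
    """Return the list of indicators present in one message body."""
    reasons = []
    if REPLY_PROMPT.search(text):
        reasons.append("reply-prompt")
    if REOPEN_HINT.search(text):
        reasons.append("reopen-link-instruction")
    if URL.search(text):
        reasons.append("contains-url")
    return reasons


def is_link_reenable_lure(text):
    """True when all three indicators co-occur.

    A reply prompt alone is normal (appointment confirmations, STOP opt-outs);
    the combination with a URL and an explicit reopen/copy instruction is the
    signature of the iMessage link re-enable trick.
    """
    r = score_message(text)
    return {"reply-prompt", "reopen-link-instruction", "contains-url"} <= set(r)


def triage(messages):
    """Map each message id to its verdict and the indicators that fired."""
    return {
        name: {"flagged": is_link_reenable_lure(body),
               "indicators": score_message(body)}
        for name, body in messages.items()
    }


if __name__ == "__main__":
    for name, result in triage(SAMPLES).items():
        flag = "LURE " if result["flagged"] else "ok   "
        print(f"{flag} {name:7s} {result['indicators']}")
```

Requiring all three indicators keeps the appointment and opt-out messages, which legitimately ask for a reply, out of the flagged set; the reopen/copy instruction is the part a benign sender has no reason to include.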
Behavioral Manipulation
Cybercriminals exploit the fact that users are accustomed to replying "STOP", "YES", or "NO" to confirm appointments or opt out of marketing messages. That familiarity makes a reply feel routine and harmless, which is exactly what re-enables the malicious links. The safe habit is the opposite: do not reply to, and do not add to contacts, any unknown sender whose message contains a disabled link.
[Image: SMS phishing attacks with disabled links. Source: BleepingComputer]