< Products
Have a current computer infection?
Try our antivirus with a free, full-featured 14-day trial
Find the right cyberprotection for you
< Business
< Pricing
Protect your personal devices and data
Protect your team’s devices and data – no IT skills needed
Explore award-winning endpoint security for your business
< Partners
< Resources
< Support
Malwarebytes and Teams Customers
Nebula and Oneview Customers
A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection.
For months, iMessage users have been posting examples online of how phishers are trying to get around this protection. And, now, the campign is gaining traction, according to our friends at BleepingComputer.
It works like this: Under normal circumstances, iMessage will disable all links in messages from unknown senders to protect the user against clicking them by accident. However, if a user replies to a message or adds the sender to their contact list, the links are enabled, allowing the person to click on the link.
The text of the messages comes in all the variations that phishers love to use:
But they all end in a similar way to this:
“(Please reply Y, then exit the SMS, re-open the SMS activation link, or copy the link to open in Safari)”
Replying with Y (or actually anything) will enable the links and turn off iMessage’s built-in phishing protection. Clicking the link will then lead the recipient to whatever malicious website the phisher had in mind. Even if the user just replies with “Y” and then decides not to follow the link—because it looks slightly off—the phishers will know that they have found a likely target for more attacks.
It’s also important to know that there are similar instructions for the Chrome browser:
“Reply with 1, exit the SMS message, and reopen the SMS activation link, or copy the link to Google Chrome to open it.)”
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
SHARE THIS ARTICLE
January 14, 2025 – An insurance company is accused of unlawfully collecting, using, and selling location data from millions of people's cell phones.
January 13, 2025 – A list of topics we covered in the week of January 6 to January 12 of 2025
January 10, 2025 – BayMark Health Services, Inc. notified an unknown number of patients that attackers stole their personal and health information.
January 9, 2025 – At least 36 Google Chrome extensions for AI and VPN tools have begun delivering info-stealing malware in a widespread attack.
January 9, 2025 – Data broker Gravy Analytics that collects location data and sells it to the US government has been breached.
ABOUT THE AUTHOR
Pieter Arntz 
Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.
Contributors
Threat Center
Podcast
Glossary
Scams
Cyberprotection for every one.
COMPUTER SECURITY
MOBILE SECURITY
PRIVACY PROTECTION
IDENTITY PROTECTION
LEARN ABOUT CYBERSECURITY
PARTNER WITH MALWAREBYTES
ADDRESS
One Albert Quay
2nd Floor
Cork T12 X8N6
Ireland
3979 Freedom Circle
12th Floor
Santa Clara, CA 95054
ABOUT MALWAREBYTES
GET HELP
Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.
© 2025 All Rights Reserved