Published on 15 Jan 2025
A recent smishing (SMS phishing) campaign has been observed targeting Apple iMessage users. In this campaign, cybercriminals send fraudulent text messages designed to manipulate users into disabling iMessage’s built-in security features.
These messages often appear to come from legitimate sources and may request the user to reply with simple commands, such as “Y”. The act of replying turns off iMessage’s built-in phishing protection for this text. Once these protections are disabled, links from unknown senders become clickable, exposing users to significant cybersecurity risks. The goal of this campaign is to trick users into interacting with malicious links, potentially leading to:
With phishing attacks becoming increasingly sophisticated, it is critical for users to remain cautious and informed.
Recommendations
To protect yourself, do follow these measures:
What to Do If You Have Responded
If you have interacted with a phishing text or followed its instructions, you are advised to take the following steps immediately:
Conclusion
Smishing attacks are becoming increasingly sophisticated, targeting unsuspecting users through legitimate-looking messages. Staying informed and cautious can help protect your personal and financial information. By following the recommended measures, you can significantly reduce your risk of falling victim to such attacks.
References:
https://www.csa.gov.sg/our-programmes/cybersecurity-outreach/cybersecurity-campaigns/the-unseen-enemy-campaign/beware-of-phishing-scams
https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection/?utm_source=tldrinfosec
Cyber Security Agency of Singapore