This New Text Scam Tries to Trick You Into Disabling an iPhone Security Feature
Modern smartphones come with a range of built-in preventative security features. Scammers and hackers often try to trick you into disabling or bypassing these security measures, which is exactly what a newly discovered text phishing scam is trying to get you to do.
As reported by BleepingComputer, the SMS-based trick can be recognized by the way it tries to get you to respond with the letter “Y” to activate a link embedded in the text. The message may also encourage you to copy and paste the link into Safari.
Replying to a message or moving a link to another location bypasses a key security measure in iOS: links from senders who are not in your contacts list are disabled by default. This feature is so important to iPhone security that you can’t turn it on or off: it’s a built-in part of the Messages app that you can’t change.
Replying “Y” (or any other reply) makes iOS think you know the sender, and once you restart the Messages app (as the scam text suggests), the link will become available and take you to some sort of scam website for credential theft.
According to the fine folks at BleepingComputer, there has been an uptick in these types of reports since the middle of last year. Messages purporting to be from courier companies and demands for payment of tolls are just a couple of the fraudulent messages that have been spotted during this time.
How to protect yourself
A member of the Lifehacker team recently saw a message matching this description, demanding payment of an outstanding travel bill. The familiar trick is to get the recipient of the message to act quickly – in this case, to avoid paying even more.
It’s worth keeping in mind (and reminding family and friends) that even at the best of times, you should be very wary of clicking on links that come through messaging apps and email. Ideally, you only want to respond to links you are expecting: for example, to track a delivery you ordered or to confirm your email address for a new account.
Even messages that appear to be coming from trusted contacts can be spoofed – perhaps an account has been created impersonating them, or hackers have managed to gain access to their accounts, for example. If you receive a link from someone you know, double-check that it is genuine before clicking on it.
Please note that there are two parts to this scam: the first is to trick you into clicking on a link, and the second is to get you to enter sensitive information (such as credit card information or an account password) on a fraudulent website. Even if you’re tricked into clicking a dodgy link, you can still stay safe as long as you spot the fake web page: look for weird formatting, nonsensical URLs, and other inconsistencies.
Modern operating systems and web browsers have many built-in protections against phishing sites, so as always, make sure all your software is kept up to date to minimize the risk of getting caught. And always avoid replying to any message from an unknown and unverified sender, whether it’s “Y” or a “STOP” that is supposed to halt future messages. Replying simply identifies you as a potential future target.
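For anyone triaging reported texts or filtering SMS before delivery, the lure described above (a link from a non-contact plus instructions to reply, reopen the thread, or copy the link into Safari) can be checked for automatically. The Python below is an added example, not code from Apple, BleepingComputer, or Lifehacker; the cue patterns, verdict names, and sample messages are constructed assumptions.

```python
import re

# A link the recipient could be steered toward.
URL_RE = re.compile(r"\b(?:https?://|www\.)\S+", re.I)

# Instructions that only make sense as a way to re-enable a disabled link
# (hypothetical patterns modelled on the lure this article describes).
CUES = {
    "reply_to_activate": re.compile(
        r"\b(?:reply|respond)\b[^.\n]{0,30}?\b(?:Y|YES|1)\b", re.I),
    "reopen_thread": re.compile(
        r"\b(?:exit|close|re-?open|restart)\b[^.\n]{0,40}"
        r"\b(?:message|sms|text|conversation|app)\b", re.I),
    "copy_to_browser": re.compile(
        r"\bcopy\b.{0,120}?\b(?:safari|browser)\b", re.I),
}

def assess_sms(body, sender_in_contacts):
    """Return (verdict, matched_cues) for one SMS body."""
    has_link = bool(URL_RE.search(body))
    cues = [name for name, rx in CUES.items() if rx.search(body)]
    if has_link and cues:
        # Known senders can be spoofed or compromised, so never drop to "low".
        verdict = "review" if sender_in_contacts else "high"
    elif has_link and not sender_in_contacts:
        verdict = "review"   # unexpected link, but no bypass instructions
    else:
        verdict = "low"
    return verdict, cues

# Constructed sample messages: (body, sender_in_contacts)
SAMPLES = [
    ("Your toll balance is unpaid. Pay at https://tolls.example.invalid/pay "
     "to avoid late fees. (Reply Y, then exit the text message and reopen it "
     "to activate the link, or copy the link into Safari.)", False),
    ("Your parcel is out for delivery. "
     "Track it: https://courier.example.invalid/t/123", False),
    ("Running late, see you at 7", True),
    ("Reply Y and reopen the message to use https://pay.example.invalid/x", True),
]

if __name__ == "__main__":
    for body, known in SAMPLES:
        print(assess_sms(body, known), "|", body[:50])
```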