iPhone Users Beware: Phishing Attacks via Fake Delivery Texts are on the Rise

Source: DigitalTrends

A new wave of phishing attacks targeting iPhone users is spreading through text messages that mimic official delivery service notifications. These messages often appear to be from the USPS or other shipping companies and urge recipients to click on malicious links. These links, disguised as harmless, are designed to exploit a vulnerability in iMessage's security protocols. By replying to the message with a 'Y', users unknowingly switch the sender status from unknown to known, effectively disabling iMessage's built-in phishing protection. This allows the attackers to deliver harmful content that can steal personal information or install malware.

It’s a new year, but bad actors are still at it with an old trick repackaged for iPhone users. Bleeping Computer reports a rise in phishing attacks targeting iPhone users that involves tricking them into disabling built-in protections and clicking on malicious links. In an increasing number of cases, text messages appear to come from fake delivery agents posing as service messages from the U.S. Postal Service (USPS).

Two Digital Trends contributors have received such sham messages recently in North America. We have also come across reports of a similar tactic being deployed in other regions, including India, where online fraudsters are posing as DHL or FedEx employees.

Anyone fancy finding out who ‘kathlyn afaf’ could be? They are trying to Royal Mail scam people but gone via iMessage so their email address has popped up… pic.twitter.com/jr5yPGaA3O — Sanny Rudravajhala (@Sanny_Rudra) January 11, 2024

From the user posts that we have seen on social forums so far, the tactic has been in use for at least the past couple of years. If you look closely at the samples attached below, you will notice a pattern in the scammy text messages: “Please reply Y, then exit the SMS and open it again to activate the link, or copy the link to your Safari browser and open it.” This is a recurring theme, with slight modifications in the language.

Replying with a Y looks harmless on the surface, but it’s a clever way of disabling the built-in phishing protection on iPhones. Apple has created a system for iMessage that automatically blocks links in messages from unknown senders. You can only open those links if you add the sender to your contact list (identifying them as a known contact) or reply to the message. When you reply, as the fraudulent message asks, iMessage switches the bad actor to a “known” status. Now, the link is active. Once you tap on it, the URL opens in a browser of your choice. In some cases, the spammy message asks users to copy-paste the URL into the Safari browser. Where the link leads remains uncertain. As per a few reports, users are led to a page where they are required to enter their credit card information.

How to avoid the scam

If you receive a text from a supposed mail service, do not reply or click on the link in the message. Start with the sender’s name or number. If there’s a spelling error, or if it’s a personal number (or iCloud address), it’s certainly a sham. Also, pay attention to the country code. If it’s coming from another country, avoid interacting with it at all costs. If you have any active mail assignments, always check the progress or reach out to customer care via the details mentioned on the company’s official website.

Every time you receive a message from an unknown sender, the iMessage app shows a Report Junk option at the bottom, followed by the delete prompt in the next step. Do keep in mind that you can’t report a message after replying to it.

@IndiaPostOffice I received this today, I know it's some kind of scam as it is asking for 25 rs directly and it's sent using iMessage using this mail id but still I want to confirm this with officials. @Cyberdost pic.twitter.com/4FXX7UZMjT — Vikash Gathala (@vikashgathala) May 30, 2024

If you haven’t opened the message yet, simply swipe left on it, select the bin-shaped red delete icon, and then select Delete and Report Junk. As an added layer of assurance, you can also go ahead and block the sender.

A few weeks ago, the government’s Cybersecurity and Infrastructure Security Agency (CISA) released a detailed advisory on keeping your phone safe from all kinds of cyberattacks. We compiled the core findings for an average smartphone user, and you should check that out to cultivate safe digital habits this year.
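The indicators described above (a request to reply so the link "activates", a copy-to-Safari instruction, an email-address sender, a foreign country code) can be checked mechanically, for example in a message-filtering or awareness-training tool. The sketch below is an added example, not code from the article or from Apple; the patterns, function names, the `home_cc` parameter and the sample messages are assumptions constructed for illustration.

```python
import re

# Phrases modelled on the lure text quoted in the article; illustrative, not exhaustive.
REPLY_LURE = re.compile(r"\breply\s+(?:with\s+)?(?:an?\s+)?(?:y|yes)\b", re.I)
REOPEN_LURE = re.compile(r"\b(?:exit|close)\b.{0,40}\bopen\b.{0,30}\bagain\b", re.I | re.S)
COPY_LURE = re.compile(r"\bcopy\b.{0,40}\blink\b.{0,60}\b(?:safari|browser)\b", re.I | re.S)
URL = re.compile(r"https?://\S+", re.I)
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def triage(sender, body, home_cc="+1"):
    """Return the article's indicators that this message matches, in a fixed order."""
    hits = []
    if REPLY_LURE.search(body):
        hits.append("asks-for-reply")
    if REOPEN_LURE.search(body):
        hits.append("reopen-to-activate")
    if COPY_LURE.search(body):
        hits.append("copy-link-to-browser")
    if URL.search(body):
        hits.append("contains-link")
    sender = sender.strip()
    if EMAIL.match(sender):
        # Carriers do not send delivery notices from personal email addresses.
        hits.append("sender-is-email-address")
    elif sender.startswith("+") and not sender.startswith(home_cc):
        # Naive prefix comparison against the recipient's own country code.
        hits.append("foreign-country-code")
    return hits


def is_likely_lure(sender, body, home_cc="+1"):
    """A link combined with any instruction that defeats link blocking."""
    hits = set(triage(sender, body, home_cc))
    bypass = {"asks-for-reply", "reopen-to-activate", "copy-link-to-browser"}
    return "contains-link" in hits and bool(hits & bypass)


# Constructed sample messages (not real traffic).
LURE = ("parcel.notice@mail.example",
        "USPS: your package is on hold. https://usps-redelivery.example/track "
        "Please reply Y, then exit the SMS and open it again to activate the "
        "link, or copy the link to your Safari browser and open it.")
BENIGN = ("+12025550143",
          "Your package was delivered today. Details: https://carrier.example/track/123")
FOREIGN = ("+440000000000", "Delivery failed. Reply Y to reschedule.")

if __name__ == "__main__":
    for sender, body in (LURE, BENIGN, FOREIGN):
        print(sender, triage(sender, body), is_likely_lure(sender, body))
```

A match is a reason to report and delete the message, not proof of fraud; the wording varies between campaigns, so the phrase list needs maintenance.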
