Hackers are using this iMessage trick to steal your iPhone data

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

Scammers have discovered a new tactic to exploit iPhone users by bypassing Apple’s scam protection tools in iOS.

This approach involves manipulating users into replying to scam texts, which disables Apple’s protective measures against malicious links.

Apple’s iOS includes a security feature that automatically disables links in SMS messages received from unknown senders. 

However, scammers have found a loophole: if the recipient replies to the text, Apple assumes the sender is trusted and re-enables any links contained in the message.

Scammers exploit this behavior by crafting messages explicitly instructing victims to respond.

Bleeping Computer cites an example that highlights the tactic: a phishing message with a disabled link accompanied by a prompt such as,

“Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to the Safari browser to open it.” 

This phrasing mimics legitimate automated prompts, encouraging recipients to reply and unwittingly activate the malicious link.

The strategy plays on the widespread habit of responding to automated texts, such as confirming subscriptions or verifying accounts. 

Many users may reflexively reply without recognizing the potential danger, thus enabling scammers to deploy phishing attacks or other malicious actions.

How to protect yourself from this iPhone phishing scam

To protect yourself from this scam, follow this guideline: 

1. Do not reply to messages from unknown numbers, especially if they contain links.
2. Ignore and report suspicious messages as spam using Apple’s built-in reporting tools. It blocks potentially harmful links.
3. Verify authenticity by contacting the purported sender (e.g., a company or service) directly through their official website or customer service channels. It ensures you are speaking with legitimate representatives and not engaging with scammers.

By not replying to unknown texts, iPhone users can maintain the effectiveness of Apple’s scam protection and reduce the risk of falling victim to such schemes.

What do you think about this new iPhone phishing scam? Have you received a text like this one? Tell us about your experiences in the comments below, or via our Twitter or Facebook.