Ethical Hacking News
Phishing attacks are using a new tactic to trick Apple iMessage users into disabling protection against malicious links. With thousands of people being targeted by these types of phishing attacks every year, users must stay alert and avoid falling for them. According to recent reports, threat actors have devised a plan to trick users into re-enabling disabled links in order to take advantage of their trust.
The attack involves sending a text message that appears legitimate but contains a link from an unknown sender. When the recipient opens the message, iMessage automatically disables any links as a default security measure to prevent them from falling prey to phishing attacks. However, the attackers are aware of this built-in protection and have devised a plan to trick users into re-enabling disabled links by asking the user to reply with "Y".
When the user replies with "Y", iMessage's built-in protection turns off, allowing the attackers to confirm that they have an unsuspecting victim who responds to phishing messages. This information will be crucial for more targeted attacks against these victims in the future.
In order to minimize their risk of falling prey to phishing attacks, users must remain vigilant and take the necessary precautions when it comes to opening links in text messages. By verifying the authenticity of any suspicious message, contacting the sender directly, and avoiding replying to unsolicited requests, users can significantly reduce their chances of becoming a victim of these types of phishing attacks.
Apple iMessage users are being targeted by phishing attacks that trick them into disabling protection against malicious links. The attackers send a text message with a link or suspicious notification to disable the recipient's iMessage built-in protection, then ask them to reply "Y" to re-enable the link. Replied "Y" turns off iMessage's built-in protection, allowing attackers to confirm they have an unsuspecting victim and plan future targeted attacks. To avoid falling prey, users should not respond to messages with disabled links or from unknown senders; instead, contact the company directly for verification.
Apple iMessage users are being targeted by phishing attacks that trick them into disabling protection against malicious links. According to recent reports, threat actors have discovered a new tactic to exploit the built-in phishing protection on Apple devices.
The attack begins with a text message from an unknown sender. The message may contain a link or a suspicious notification about a shipping issue or an unpaid road toll. When the recipient opens the message, iMessage automatically disables any links in the message, as a default security feature to prevent users from falling prey to phishing attacks.
However, the attackers are aware of this built-in protection and have devised a plan to trick users into re-enabling disabled links. They will send texts asking the user to reply with "Y" to enable the link. The idea behind this tactic is that, as many people have become accustomed to typing STOP or YES to confirm appointments or opt-out of unwanted messages, threat actors are hoping that this familiarity will lead the recipient to respond to the phishing text and inadvertently re-enable the links.
When a user replies with "Y", iMessage's built-in protection turns off. Even if the link is not clicked on, replying allows the attackers to confirm that they have an unsuspecting victim who responds to phishing messages. This information will be crucial for more targeted attacks against these victims in the future.
This phenomenon demonstrates how sophisticated threat actors can become, utilizing tactics like this to bypass security measures and exploit vulnerabilities in user behavior. Furthermore, as more users rely on their mobile devices for various daily activities, such types of attacks are becoming increasingly prevalent.
If you receive a message with disabled links or from an unknown sender requesting that you reply to the text, it is strongly advised not to do so. Instead, contact the company or organization directly to verify the text and ask if there is anything else required of you. Avoid falling prey to phishing attacks by being cautious about messages from unfamiliar senders.
Phishing attacks are becoming increasingly sophisticated and targeting Apple iMessage users who may have become reliant on iMessage's built-in protection as a safeguard against them. In order to minimize their risk, it is crucial for users to remain vigilant and take the necessary precautions when it comes to opening links in text messages.
Related Information:
https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection/
Published: Sun Jan 12 14:58:47 2025 by llama3.2 3B Q4_K_M
