Phishing Attacks Use This Simple Trick to Defeat iPhone Message Security

by

A new social engineering tactic is being used by cybercriminals to trick iPhone users into disabling iMessage's built-in phishing protection, in a bid to expose them to malicious links and scams, according to BleepingComputer.

General Apps Messages Redux
The scam exploits a security feature in iMessage that automatically disables links from unknown senders. Apple told the outlet that when users reply to these messages or add the sender to their contacts, the links become clickable – a behavior that scammers are now actively exploiting, according to the report. The deceptive messages often masquerade as notifications from trusted organizations like USPS or toll road authorities.

Scammers are apparently looking to exploit the familiar "reply STOP" or "reply NO" that often appears at the end of messages from authentic businesses or services, as there's been a surge in SMS phishing (smishing) attacks that specifically ask recipients to reply "Y" to "activate" supposedly legitimate links.

By getting users to respond, attackers not only enable the previously disabled links but also identify active phone numbers that are more likely to engage with future scams.

Tech-savvy users are likely to easily identify these as phishing attempts, but the main concern is that older or less experienced users will be particularly vulnerable to the tactic. Needless to say, the best way to ensure that you never fall for the scam is to never reply to suspicious messages from unknown senders.

phishing scam

SMS phishing attacks with disabled links (Image credit: BleepingComputer)

Another line of defense is to enable message filtering on your iPhone or iPad. Message filtering sorts messages from people who are not in your contacts into a separate list, where you can more easily view them in the Messages app. To filter messages from unknown senders, open Settings and go to Apps ➝ Messages, then toggle on the switch next to Filter Unknown Senders.

Bear in mind that the feature can filter legitimate messages – from couriers or your bank, for example – so don't automatically assume that a filtered message is dodgy. And, as mentioned above, you can't open links in a message from an unknown sender until you add them to your contacts or reply to the message, but that's by design.

Popular Stories

iPhone 17 Pro Iridescent Feature 2

iPhone 17 Pro Clear Case Leak Reveals Three Key Changes

Sunday August 31, 2025 1:26 pm PDT by
Apple is expected to unveil the iPhone 17 series on Tuesday, September 9, and last-minute rumors about the devices continue to surface. The latest info comes from a leaker known as Majin Bu, who has shared alleged images of Apple's Clear Case for the iPhone 17 Pro and Pro Max, or at least replicas. Image Credit: @MajinBuOfficial The images show three alleged changes compared to Apple's iP...
Read Full Article79 comments
iPhone 17 Pro Dark Blue and Orange

iPhone 17 Release Date, Pre-Orders, and What to Expect

Thursday August 28, 2025 4:08 am PDT by
An iPhone 17 announcement is a dead cert for September 2025 – Apple has already sent out invites for an "Awe dropping" event on Tuesday, September 9 at the Apple Park campus in Cupertino, California. The timing follows Apple's trend of introducing new iPhone models annually in the fall. At the event, Apple is expected to unveil its new-generation iPhone 17, an all-new ultra-thin iPhone 17...
Read Full Article62 comments
iphone 16 pro ghost hand

iPhone 17 Pro: 5 Reasons Not to Upgrade This Year

Monday September 1, 2025 4:35 am PDT by
Apple will launch its new iPhone 17 series this month, and the iPhone 17 Pro models are expected to get a new design for the rear casing and the camera area. But more significant changes to the lineup are not expected until next year, when the iPhone 18 models arrive. If you're thinking of trading in your iPhone for this year's latest, consider the following features rumored to be coming to...
Read Full Article114 comments
xiaomi apple ad india

Apple and Samsung Push Back Against Xiaomi's Bold India Ads

Friday August 29, 2025 4:54 am PDT by
Apple and Samsung have reportedly issued cease-and-desist notices to Xiaomi in India for an ad campaign that directly compares the rivals' devices to Xiaomi's products. The two companies have threatened the Chinese vendor with legal action, calling the ads "disparaging." Ads have appeared in local print media and on social media that take pot shots at the competitors' premium offerings. One...
Read Full Article210 comments
iOS 18 on iPhone Arrow Down

Apple Preparing iOS 18.7 for iPhones as iOS 26 Release Date Nears

Sunday August 31, 2025 4:35 pm PDT by
Apple is preparing to release iOS 18.7 for compatible iPhone models, according to evidence of the update in the MacRumors visitor logs. We expect iOS 18.7 to be released in September, alongside iOS 26. The update will likely include fixes for security vulnerabilities, but little else. iOS 18.7 will be one of the final updates ever released for the iPhone XS, iPhone XS Max, and iPhone XR,...
Read Full Article47 comments
iPhone eSIM Feature

Apple Hints at iPhone 17 Models Lacking SIM Card Slot in More Countries

Sunday August 31, 2025 8:52 am PDT by
Another hint has surfaced that Apple is preparing to eliminate the physical SIM card tray from iPhones in more countries this year. In particular, a source familiar with the matter has informed MacRumors that retail employees at Apple Authorized Resellers in the EU are required to complete a training course related to iPhones with eSIM support by Friday, September 5. There are 27 countries...
Read Full Article124 comments

Top Rated Comments

vertsix Avatar
vertsix
8 months ago
Why doesn't Apple use Apple Intelligence to detect and remove these things?

Genuine question, I know Apple Intelligence sucks at this time but I'm sure it can be easily trained to detect these samples?
Score: 27 Votes (Like | Disagree)
McWetty Avatar
McWetty
8 months ago
“iPhone users hate this one trick…” is the only way this article could be more clickbait. /s

Snark aside… I eliminated this spamming by removing all my personal data from data brokers. It took me an entire Saturday, but I managed to remove my email/phone/address from over 40 online sources and I haven’t gotten a single SMS spam since. Not even during the US election season.
Score: 9 Votes (Like | Disagree)
jayryco Avatar
jayryco
8 months ago
The faster we leave SMS behind the better.
I have had the same phone number for 20+ years and it must be part of an active list scammers use because at this point I receive phishing SMS's at least 2-3 times a week and regularly use TrueCaller to filter out this garbage.
Score: 6 Votes (Like | Disagree)
ignatius345 Avatar
ignatius345
8 months ago

I eliminated this spamming by removing all my personal data from data brokers. It took me an entire Saturday, but I managed to remove my email/phone/address from over 40 online sources
Would be very interested to hear specifics on how you (or anyone else) did this. Did you pay for some service that automates it, or manually go through and fill out forms? Thanks!
Score: 6 Votes (Like | Disagree)
spazzcat Avatar
spazzcat
8 months ago
Don't reply to messages from pepole you don't know or don't make any sense because they have no context.
Score: 5 Votes (Like | Disagree)
dynamojoe Avatar
dynamojoe
8 months ago
Can I just block all SMS from the Philippines?
Score: 4 Votes (Like | Disagree)
Read All Comments