iPhone owners targeted via new Apple Messages scam: here's what you need to know

A new report from Bleeping Computer highlights a new method scammers have found to bypass Apple's hardcore Messages security: to make you bypass it yourself.

Apple's iPhones are proudly carrying the reputation of being quite security and privacy-focused. Apple's Messages app sports fancy built-in safeguards that prevent links or phone numbers in unsolicited messages on iPhones from being clickable. But now, scammers have learned a few tricks on how to make you disable such protections.

These attacks are quirkily called "smishing" attacks (a combination of “SMS” and “phishing”). The tricky message would be masked in the form of a notice of an unpaid bill for a small amount, or a "failed" USPS delivery notification.



The key to catching the maliciousness of such messages is that these new scam "warnings" will ask you to reply "Y" or "N", or request any form of reply immediately. The instructions will lead you to reply, then exit the chat and return to the message in order to click a now-enabled scam link.

Unfortunately though, if you fall for the trick, you'll be quickly flooded with other scam messages now with clickable links and scary "warnings" that would urge you to click (hopefully for them, faster than you can think). Sometimes, the sender may pretend to be affiliated with Apple or other big companies.

The tactic has been in use over the past year, but its usage has been increasing in frequency since the summer. Some people have become accustomed to typing “STOP”, “Yes", or “NO” to confirm appointments or opt out of text message subscriptions, and the scammer is hoping to use your muscle memory to enable the links Apple so loyally disabled on your behalf.

Replying will enable links and disable Messages' protection for the text. Also, it would indicate to the malicious user that you're susceptible to such manipulation hence the flooding of other scammers trying to fool you.

How to protect yourself from these new Apple Messages scammers

The best would be, of course, not to fall for the trick and obey scammers' instructions. However, if you've already been tricked, the best would be to block and report the email address or phone number that's attempting to scam you - and do the same with any other similar messages as soon as your receive them.

It's important to always remember that it's always best to contact banks or any institution directly (by other means, like finding their official website and taking their contact info from there) if something is concerning to you. Remember not to enter your credit card or bank information in Messages or in any link that's been sent to you in any messaging app.