Be Aware of New Text Phishing Scams Targeting Smartphone Users
Contemporary smartphones are designed with numerous proactive security measures embedded within their systems. However, malicious individuals and cybercriminals often attempt to manipulate users into disabling these critical protections. A recently identified phishing scam via text message illustrates this troubling trend.
According to reports from BleepingComputer, the SMS scheme lures users into responding with “Y” to activate a link included in the text. Alternatively, it may prompt users to copy and paste the provided link into their web browser.
By replying to the text or copying the link into a browser, the user circumvents a crucial iOS security feature: links from unknown senders outside of your contact list are disabled by default. This function is integral to the iPhone’s protective measures, and users cannot modify it; it is a fixed part of the Messages app.
When you reply with “Y” (or any response), iOS assumes you are familiar with the sender. Subsequently, as the scam message instructs, refreshing the Messages app makes the link clickable, potentially redirecting you to a deceptive website aimed at stealing your credentials.
BleepingComputer has noted a rise in these types of phishing attempts since last year, with texts masquerading as communications from delivery services and toll payment requests among the scams that have been observed.
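The following Python example is added here and is not part of the original article or of BleepingComputer's reporting: it flags texts from senders outside the contact list that carry a link and also ask the recipient to reply or copy the link, the combination described above. The regular expressions, function names and sample messages are assumptions constructed for illustration.

```python
import re

# Patterns are assumptions modelled on the lure described in this article.
URL = re.compile(r"(?:https?://|www\.)\S+", re.I)
ASK_REPLY = re.compile(r"\b(?:reply|respond)\b[^.!?\n]{0,20}?\bY(?:ES)?\b", re.I)
ASK_COPY = re.compile(r"\bcopy\b[^.!?\n]{0,40}\b(?:link|url)\b", re.I)
ASK_REOPEN = re.compile(
    r"\b(?:re-?open|exit|refresh)\b[^.!?\n]{0,40}\b(?:sms|text|messages?|link)\b", re.I)
URGENCY = re.compile(
    r"\b(?:overdue|unpaid|late fee|final notice|within \d+ (?:hours?|days?))\b", re.I)


def lure_indicators(text):
    """Return the sorted indicator names found in one SMS body."""
    checks = {
        "url": URL, "ask_reply": ASK_REPLY, "ask_copy": ASK_COPY,
        "ask_reopen": ASK_REOPEN, "urgency": URGENCY,
    }
    return sorted(name for name, rx in checks.items() if rx.search(text))


def is_link_enable_lure(text, sender_in_contacts):
    """Flag texts from unknown senders that carry a link AND ask the
    recipient to reply or copy the link, i.e. to undo link disabling."""
    found = set(lure_indicators(text))
    asks_bypass = bool(found & {"ask_reply", "ask_copy"})
    return (not sender_in_contacts) and "url" in found and asks_bypass


# Constructed sample messages (not real scam texts; .example is a reserved TLD).
SAMPLES = [
    ("Your toll is overdue. Pay at https://tolls.example/pay to avoid a late fee. "
     "(Reply Y, then refresh Messages to activate the link, "
     "or copy the link into your browser.)", False),
    ("Your parcel arrives today. Track it: https://courier.example/t/123", False),
    ("Running late, see you at 7?", True),
]

if __name__ == "__main__":
    for body, known in SAMPLES:
        print(is_link_enable_lure(body, known), lure_indicators(body))
```

A link on its own is not flagged, since expected delivery or verification texts also contain links; the signal is the request to reply or copy the link in order to make it usable.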
Tips for Staying Secure
A recent encounter highlighted by a DailyHackly contributor featured a message demanding payment for an overdue toll. The typical urgency tactic—pressuring recipients to act swiftly to avoid higher charges—was evident.
It is essential to remain cautious, and to advise family and friends to do the same, about clicking links in text messages and emails, even in legitimate scenarios. Ideally, only follow links that arrive in communications you are expecting, such as those related to a delivery you ordered or verification requests for new accounts.
Bear in mind that messages that appear to be from trusted sources can be easily spoofed. An impersonating account might have been created, or hackers may have compromised a legitimate account. If you receive a link from a known contact, it’s prudent to verify its authenticity with them before clicking.
Scams like these typically involve two main components: luring you to click on a link and persuading you to input sensitive information (such as credit card information or passwords) on a fraudulent site. If you inadvertently click a suspicious link, it’s crucial to be able to recognize a fraudulent webpage by observing signs such as unusual layouts, URLs that seem off, and other discrepancies.
Modern operating systems and web browsers come equipped with various built-in defenses against phishing sites. To reduce the risk of falling victim, ensure all software is regularly updated. Furthermore, avoid replying to messages from unfamiliar or unverified sources, whether with “Y” or with “STOP” to discontinue further messages, as a reply merely signals to scammers that you are a viable target.