Phishing Campaign Attempts to Bypass iOS Protections



An SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against malicious links, BleepingComputer reports.

“Apple iMessage automatically disables links in messages received from unknown senders, whether that be an email address or phone number,” BleepingComputer explains.

“However, Apple told BleepingComputer that if a user replies to that message or adds the sender to their contact list, the links will be enabled. ... Over the past couple of months, BleepingComputer has seen a surge in smishing attacks that attempt to trick users into replying to a text so that links are enabled again.”

The messages purport to be routine text notifications, such as package delivery updates or unpaid road toll notices. Unlike past smishing attempts, however, the messages contain instructions telling users, “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it.” If a user follows these instructions, they’ll be able to click on the phishing link.

“As users have become used to typing STOP, Yes, or NO to confirm appointments or opt out of text messages, the threat actors are hoping this familiar act will lead the text recipient to reply to the text and enable the links,” BleepingComputer notes.

“Doing so will enable the links again and turn off iMessage's built-in phishing protection for this text. Even if a user doesn't click on the now-enabled link, the act of replying tells the threat actor that they now have a target that responds to phishing texts, making them a bigger target.”
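
As an added illustration (not code from KnowBe4 or BleepingComputer), the following Python heuristic triages user-reported texts for the reply-to-enable pattern described above. The function names, signal labels and sample messages are constructed for this example, and the `contacts` set is an assumed stand-in for iMessage's known-sender check.

```python
import re

# Signals taken from the lure described in the article.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
# A request for a short affirmative reply ("reply Y", "respond with 1").
REPLY_RE = re.compile(r"\b(?:reply|respond)(?:\s+with)?\s+[\"']?(?:y|yes|1|ok)\b", re.I)
# Instructions to leave and reopen the thread or paste the link into Safari.
REOPEN_RE = re.compile(r"re-?open|exit the (?:text|message)|copy the link|safari", re.I)

def assess(sender, body, contacts):
    """Return (verdict, signals) for one reported message."""
    signals = []
    if sender not in contacts:      # assumed stand-in for "unknown sender"
        signals.append("unknown_sender")
    if URL_RE.search(body):
        signals.append("link")
    if REPLY_RE.search(body):
        signals.append("reply_request")
    if REOPEN_RE.search(body):
        signals.append("reopen_instruction")
    found = set(signals)
    if {"unknown_sender", "link", "reply_request"} <= found:
        verdict = "reply_to_enable_lure"   # do not reply; report and delete
    elif {"unknown_sender", "link"} <= found:
        verdict = "unknown_link"           # link stays disabled if left alone
    else:
        verdict = "no_finding"
    return verdict, signals

# Constructed sample data: fictitious numbers and reserved .example domains.
CONTACTS = {"+15550111"}
SAMPLES = [
    ("+15550100", "Your package is on hold. Please reply Y, then exit the text "
                  "message, reopen the text message activation link, or copy the "
                  "link to Safari browser to open it. https://parcel.example/t/1"),
    ("+15550122", "Sale ends today https://shop.example/deals Reply STOP to opt out."),
    ("+15550111", "Reply Y to confirm your visit: https://clinic.example/appt"),
]

def triage(samples=SAMPLES, contacts=CONTACTS):
    """Return the verdict for each (sender, body) pair, in order."""
    return [assess(sender, body, contacts)[0] for sender, body in samples]

if __name__ == "__main__":
    for (sender, _), verdict in zip(SAMPLES, triage()):
        print(sender, verdict)
```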

New-school security awareness training can give your organization an essential layer of defense against targeted social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

BleepingComputer has the story.

