When it comes to security, it’s often said that the weakest link is the user. Phishing, which involves deceiving users, is a disturbingly widespread practice nowadays. While it stands no chance against common sense and struggles to bypass the automatic defenses of our iPhone, a new trick is being tested to circumvent a security system within the Messages app. Staying safe, fortunately, is extremely simple. Let’s dive into it.
A new approach to phishing attacks
The Messages app automatically disables links in messages from unknown senders. This protection prevents users from directly clicking on these links, thereby limiting the scope of phishing attacks via SMS.
When we reply to one of these messages or add the sender to our contact list, the Messages app assumes we trust the content. Consequently, the links in the message become active, which is precisely the target of the new phishing attacks.
As reported by BleepingComputer, phishing messages increasingly include strategies to elicit a response. We’re seeing messages that, posing as reputable organizations or companies, instruct users to reply with “STOP” or “NO” to stop receiving supposed notifications.
In some cases, the opposite approach is used, suggesting that users reply with “YES” or “Y” to activate links—something we must never do.
Never respond to messages from unknown senders! When you reply, attackers achieve two things: first, they activate the links in the message, directly exposing you to malicious content. Second, they confirm that your phone number is active and that you’re likely to interact with such messages. This encourages more sophisticated future attacks.
How to protect yourself from these threats
The best defense against these attacks is caution. Don’t respond to messages from unknown senders, and apply common sense when determining whether a message is legitimate. When in doubt, it’s always safer to ignore the message and, independently (e.g., by searching for the company’s number online), contact the organization allegedly sending the message.
Beyond this, Apple provides some tools to help us stay secure. For instance, you can enable the “Filter Unknown Senders” option on your iPhone. This filter moves messages from senders not in your contact list to a separate section, allowing you to review them more carefully before interacting. Here’s how to enable this filtering:
- Open the Settings app on your iPhone.
- Scroll down and tap on Apps.
- Tap Messages.
- Toggle on the Filter Unknown Senders option.
Once enabled, you’ll find these messages in a separate tab within the Messages app.
Our iPhones are equipped with security measures to protect us, but prudence and common sense are our best allies against these attacks. Never respond to or interact with messages from unknown senders—simply block the sender and delete the message. Staying safe is that simple.
On Hanaringo | 8 tips to improve our security and privacy online