The new year may have arrived, but unfortunately, so have new iterations of old scams. A concerning trend has emerged where iPhone users are being targeted by phishing attacks disguised as delivery notifications, often impersonating services like the U.S. Postal Service (USPS). These attacks aim to trick users into disabling built-in iPhone security protections and clicking malicious links. Reports of these scams have surfaced in North America and other regions, including India, where fraudsters pose as employees of companies like DHL and FedEx.
Sample of iMessage phishing text.
Understanding the Phishing Tactic
These phishing attempts often follow a specific pattern. The fraudulent text messages typically include instructions like: “Please reply Y, then exit the SMS and open it again to activate the link, or copy the link to your Safari browser and open it.” This seemingly innocuous request to reply with “Y” is a deceptive tactic to bypass iPhone’s built-in phishing protection.
Sample of iMessage phishing text.
Apple’s iMessage system automatically blocks links from unknown senders. These links can only be accessed by adding the sender to your contacts or by replying to their message. By replying, as instructed in the phishing message, the user unknowingly designates the scammer as a “known” contact, thus activating the malicious link. Clicking the link then redirects the user to a potentially harmful website.
Sample of iMessage phishing text.
Some variations of the scam instruct users to copy and paste the URL into their Safari browser. Regardless of the method, the ultimate goal is often to steal sensitive information, such as credit card details.
Sample of iMessage phishing text.
Identifying and Avoiding iMessage Phishing Scams
If you receive a text message purporting to be from a mail service, exercise caution. Do not reply or click any links within the message. Scrutinize the sender’s name or number for spelling errors or unusual formats, such as personal numbers or iCloud addresses. These are often telltale signs of a scam. Pay close attention to the country code. Avoid interacting with messages from unfamiliar international numbers.
For legitimate delivery inquiries, always refer to the official website of the respective mail service for contact information and tracking updates.
Utilizing iMessage’s Built-in Security Features
iMessage provides tools to report and block suspicious messages. If you haven’t opened the message, swipe left, tap the red delete icon (shaped like a bin), and select “Delete and Report Junk.” For added security, block the sender. Remember, you cannot report a message after replying to it.
Staying Informed about Cybersecurity Threats
The Cybersecurity and Infrastructure Security Agency (CISA) offers valuable resources and advisories on protecting your devices from cyberattacks. Staying informed about current threats and best practices is crucial for maintaining safe digital habits.
Conclusion: Protecting Yourself from Phishing Attacks
Phishing attacks continue to evolve, exploiting user trust and leveraging sophisticated tactics. By understanding the methods employed by scammers and utilizing the security features available on your iPhone, you can significantly reduce your risk of falling victim to these malicious schemes. Staying vigilant and informed is the key to protecting your personal information and maintaining a secure online experience.
