Cybercriminals launched an attack on iMessage, Apple’s text messaging service, last year. Using phishing messages, they try to disable the built-in anti-phishing options within Apple iMessage to reactivate phishing links that are disabled by default.
By default, iMessage blocks possible phishing attacks by making links in messages from unknown senders inactive. It does not matter whether these links come from emails or text messages. Only links in messages from end users’ contacts are active. The links also become active when users reply to the messages. With these security measures, Apple is trying to stop the growing number of so-called “smishing” or SMS phishing attacks.
Targeted phishing attacks
However, hackers are now increasingly trying to circumvent this built-in security functionality with customized messages designed to trick users into making the malicious links active anyway, BleepingComputer writes.
With customized messages, they try to convince potential victims to reply to the message. This makes the malicious links active again and invites recipients to open them in Safari or another browser.
Additionally, even if iMessage users do not open the links after activation, the hackers still have a signal that the recipient may be open to responding, making them a bigger target for other possible phishing attacks. iMessage users are, therefore, reminded to be very careful when replying to messages from unknown numbers with links.