PSA: Text scammers resorting to new tactics to get you to enable phishing links – AppleInsider
AAPL: 233.78 ( 0.62 )
Copyright © 2025 Quiller Media, Inc. All rights reserved.
If only all scam calls and text messages were this easy to spot.Apple’s Messages app has a built-in safeguard to prevent links or phone numbers in unsolicited messages on iPhones from being clickable, and now scammers are trying to trick the unwary into enabling them.
By default, if you receive a text message on an iPhone or other Apple device from an unknown sender, any links therein are disabled. Once you reply to a message, however, the Messages app then allows clickable links, reports Bleeping Computer.
Scammers and other threat actors have developed a way around this restriction that savvy users will spot easily, but novice users might fall for. Often, this “smishing” attack comes in the form of a notice of an unpaid bill for a small amount, or a “failed delivery” notification.
The key to these new scam “warnings” is that they will often ask the recipient to reply “Y” or “N” or some variation in a reply immediately. They will instruct the user to reply, then exit the chat and return to their message in order to click a now-enabled scam link.
Protecting yourself and others from text scamsIf the user falls for this trick, the floodgates of other scam messages will quickly follow, now with clickable links and alarming messages that require the user to click those links. Sometimes, the sender will appear to be affiliated with Apple or other tech companies.
Examples of scam texts. Image credit: Bleeping ComputerThe first thing to do if one has fallen for this trick is to block and report the email address or phone number sending the scam messages. The second thing to do is keep a wary eye out for similar messages from other numbers or email addresses, and block and report them as soon as they are received.
The third thing to do is to think of any friends, colleagues, or family members that might also fall for this sort of smishing attack. Let them know what to do if they receive similar messages, and to spread the word to people they think might fall for such a scam.
Such scams often use the scare tactic of a “missing” parcel or an unpaid bill to get users to click scam links. If the user falls for this, the resulting legitimate-looking scam site generally requires the user to enter credit card or bank account information to “pay” a modest fee.
But that’s not what happens. Within minutes or hours, the credit card will be maxed out, or the bank account emptied. In the US alone, some $9 billion was stolen from scam victims in 2022.
Warn those in your contacts that might be vulnerable to such a scam to be extremely cautious if they receive any unsolicited text from any person or entity where an included link has been disabled. Do not reply in any way to the message, just block and report it instead.
If you or someone you know has any doubts that perhaps the message was legitimate, encourage them to contact the sending entity directly by other means to verify that they sent such a text.By default, if you receive a text message on an iPhone or other Apple device from an unknown sender, any links therein are disabled. Once you reply to a message, however, the Messages app then allows clickable links, reports Bleeping Computer.
Scammers and other threat actors have developed a way around this restriction that savvy users will spot easily, but novice users might fall for. Often, this “smishing” attack comes in the form of a notice of an unpaid bill for a small amount, or a “failed delivery” notification.
The key to these new scam “warnings” is that they will often ask the recipient to reply “Y” or “N” or some variation in a reply immediately. They will instruct the user to reply, then exit the chat and return to their message in order to click a now-enabled scam link.
If the user falls for this trick, the floodgates of other scam messages will quickly follow, now with clickable links and alarming messages that require the user to click those links. Sometimes, the sender will appear to be affiliated with Apple or other tech companies.
The first thing to do if one has fallen for this trick is to block and report the email address or phone number sending the scam messages. The second thing to do is keep a wary eye out for similar messages from other numbers or email addresses, and block and report them as soon as they are received.
The third thing to do is to think of any friends, colleagues, or family members that might also fall for this sort of smishing attack. Let them know what to do if they receive similar messages, and to spread the word to people they think might fall for such a scam.
Such scams often use the scare tactic of a “missing” parcel or an unpaid bill to get users to click scam links. If the user falls for this, the resulting legitimate-looking scam site generally requires the user to enter credit card or bank account information to “pay” a modest fee.
But that’s not what happens. Within minutes or hours, the credit card will be maxed out, or the bank account emptied. In the US alone, some $9 billion was stolen from scam victims in 2022.
Warn those in your contacts that might be vulnerable to such a scam to be extremely cautious if they receive any unsolicited text from any person or entity where an included link has been disabled. Do not reply in any way to the message, just block and report it instead.
If you or someone you know has any doubts that perhaps the message was legitimate, encourage them to contact the sending entity directly by other means to verify that they sent such a text.Charles Martin is a Contributing Editor for AppleInsider with over a decade of experience covering Apple, and produces the AppleInsider Daily podcast. He is a writer, performer, podcaster, and broadcaster, specializin…Surely this is an area where AI should be used. “Warning, this really looks like a scam because Bank Of America would never ask you for your PIN and “bank.ofamerica.bankdetails.com” is not their URL.” Of course it would have to be more robust than the notification summaries are, but still.
Surely this is an area where AI should be used. “Warning, this really looks like a scam because Bank Of America would never ask you for your PIN and “bank.ofamerica.bankdetails.com” is not their URL.” Of course it would have to be more robust than the notification summaries are, but still.
elijahg said:
Surely this is an area where AI should be used. “Warning, this really looks like a scam because Bank Of America would never ask you for your PIN and “bank.ofamerica.bankdetails.com” is not their URL.” Of course it would have to be more robust than the notification summaries are, but still.
Yes! This is one area where AI could help a lot.
Yes! This is one area where AI could help a lot.
DAalseth said:
elijahg said:
Surely this is an area where AI should be used. “Warning, this really looks like a scam because Bank Of America would never ask you for your PIN and “bank.ofamerica.bankdetails.com” is not their URL.” Of course it would have to be more robust than the notification summaries are, but still.
Yes! This is one area where AI could help a lot.
If AI can ever figure that out. Current Apple AI is adding spam/scam messages to its notification summaries.
If AI can ever figure that out. Current Apple AI is adding spam/scam messages to its notification summaries.I feel Apple should be proactive and reverse obvious Scam messages, attacking the sender with malware from Apple. Why should users have to try and figure out if a text message is spam, Apple’s Message software should be able to block it without the user needing to do anything. I’m sure there’s some honest hackers who could come up with the software necessary to attack the sender. It wouldn’t bother me if some halfway honest texts were sent and got deleted. My Junk Mail folder has been hammered lately with multiple junk emails sent at the same time. I have seven Mail Rules with about 30 junk mail addresses that run constantly. It’s time junk mail and spam text is treated as attacks on people, with the FBI (or similar) investigating and arresting national and international spammers and hackers.
I feel Apple should be proactive and reverse obvious Scam messages, attacking the sender with malware from Apple. Why should users have to try and figure out if a text message is spam, Apple’s Message software should be able to block it without the user needing to do anything. I’m sure there’s some honest hackers who could come up with the software necessary to attack the sender. It wouldn’t bother me if some halfway honest texts were sent and got deleted. My Junk Mail folder has been hammered lately with multiple junk emails sent at the same time. I have seven Mail Rules with about 30 junk mail addresses that run constantly. It’s time junk mail and spam text is treated as attacks on people, with the FBI (or similar) investigating and arresting national and international spammers and hackers. We keep getting texts from, ostensibly, our local toll road company. However the URL is obviously fake and the originating phone number is in the Philippines (+63).Be aware.
We keep getting texts from, ostensibly, our local toll road company. However the URL is obviously fake and the originating phone number is in the Philippines (+63).Be aware.If you’re tired of smelly garbage, the Vego Kitchen Composter is a great way to responsibly dispose of food scraps — if you’re fine with sacrificing the countertop space.Always on a quest to bring readers the steepest savings, AppleInsider has partnered with B&H Photo to drop prices on two MacBook Pro configurations from Apple’s M4 Pro line.watchOS 11.3 has received its third developer beta, following the arrival of similar beta updates for the HomePod and Apple TV only hours earlier.Apple has moved on to its third round of developer betas, but it has started quietly with a trial of tvOS 18.3’s third beta, along with HomePod OS 18.3.The Apple Watch Series 10 has been on my wrist for three months now and it’s clear that it’s the best smartwatch Apple ever made. But that doesn’t mean there aren’t things that a future Series 11 could do better.Apple has joined the board of directors for the Ultra Accelerator Link Consortium, giving it more of a say in how the architecture for AI server infrastructure will evolve.MacBook deals are heating up this Tuesday, with Apple’s latest M4 14-inch MacBook Pro on sale for $1,799 when equipped with 24GB of RAM and 1TB of storage.Adobe is giving private beta users a chance to test out a long-anticipated feature — allowing more than one person to access and edit Photoshop documents simultaneously.Apple has joined the board of directors for the Ultra Accelerator Link Consortium, giving it more of a say in how the architecture for AI server infrastructure will evolve.As Apple tries to diversify its supply chain, China’s tightened export controls are slowing things down as the country asserts its manufacturing dominance.After four years of planning, TSMC is now finally going to make older iPhone processors in the US, but it’s not and never will be a true return to American manufacturing.
