Cybercriminals have discovered a new trick to disable Apple iMessage’s built-in phishing protection. In a simple smishing attack, a fake message gets recipients to reply ‘Y’, and that reply disables the protection.
Apple iMessage automatically disables links in messages received from unknown senders to protect users against phishing attacks. However, many senders rely on word responses like STOP, YES, or NO to let users opt out of receiving messages, confirm appointments, and more.
These phishing messages exploit this behaviour by asking recipients to respond to the message with a ‘Y’, reopen the message, and then tap the link. As Apple confirmed to BleepingComputer, doing so enables links in iMessage, letting scammers flood your inbox with spam and phishing links that are no longer guarded.

The messages themselves aren’t very sophisticated, and you should be able to spot them because the phishing links use domains that aren’t the same as those of the company or service they’re impersonating. However, many people still tend to trust simple phishing lures, especially if they impersonate an essential service such as USPS or relate to your bills.
Once a recipient has clicked on the phishing link, the information extracted from them varies: personal information, financial details, or other data that hackers can steal to sell on the dark web or use to impersonate the recipient online.
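The two signals described above (an unknown sender asking for a one-word reply alongside a link, and a link whose domain does not belong to the brand named in the text) can be checked mechanically. The following is an added example, not code from Apple or from the original article; the brand table, the regular expressions and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: brand keyword -> domains the brand really uses (illustrative, not exhaustive).
BRAND_DOMAINS = {"usps": {"usps.com"}}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Lure wording that asks for a one-word confirmation, e.g. reply Y / respond with "YES".
REPLY_RE = re.compile(r"\b(?:reply|respond|answer)\b(?:\s+with)?\s+[\"'‘“(]?(?:y|yes|1)\b", re.I)


def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def mismatched_links(text):
    """Return hosts of links that do not belong to a brand named in the text."""
    lowered = text.lower()
    brands = [b for b in BRAND_DOMAINS if re.search(rf"\b{re.escape(b)}\b", lowered)]
    bad = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        for brand in brands:
            if not any(host_matches(host, d) for d in BRAND_DOMAINS[brand]):
                bad.append(host)
                break
    return bad


def assess(text, sender_known):
    """Return the list of reasons a message looks like the reply-to-enable lure."""
    reasons = []
    if not sender_known and REPLY_RE.search(text) and URL_RE.search(text):
        reasons.append("reply-to-enable-link")
    if mismatched_links(text):
        reasons.append("brand-domain-mismatch")
    return reasons


if __name__ == "__main__":
    # Constructed sample message; the domain uses the reserved .example TLD.
    lure = ("USPS: your package is on hold. Reply Y, then exit and reopen "
            "the message to activate the link: https://usps-redelivery.example/track")
    print(assess(lure, sender_known=False))
```

A legitimate opt-out prompt such as "Reply STOP" or an appointment confirmation with no link is not flagged, which keeps the check narrow to the pattern the article describes.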
If you’re receiving messages where an unknown sender wants a one-word reply, we strongly advise against responding unless you can determine the sender’s authenticity. Instead, it’s better to directly contact the company or service to verify the text and any further actions.