Phishing Texts Trick Users Into Disabling Protection
Lawrence Abrams (via Ric Ford):
As you can see below, a fake USPS shipping issue and a fake unpaid road toll text were sent from unknown senders, and iMessage automatically disabled the links.
While neither of these phishing lures is new, we noticed that these smishing texts, and others seen recently, ask users to reply with “Y” to enable the link.
But because they came from unknown phone numbers, the links did not work. So—this is the new bit—the messages said something like: “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it.”
I saw it once, and now I am seeing it again and again. Everyone has now adopted this new trick.
