To protect iPhone, iPad, and Mac users, Apple has built a series of security mechanisms into iMessage. For example, the messaging service has automatic protection against phishing messages: iMessage automatically disables links in messages from unknown senders.
This safeguard prevents users from clicking on a malicious link. It applies by default unless you add the sender to your contacts or interact with them. If a user replies to the message or adds the sender to their contacts, the links automatically become active.
Explosion of smishing attacks on the iPhone
By relying on the way this mechanism works, cybercriminals have found a way to disable iMessage's protection against phishing. As reported by our colleagues at Bleeping Computer, iPhone owners are facing an explosion of smishing attacks, that is to say phishing by SMS, that aim to bypass these protections. The messages seek to persuade targets to respond, which automatically disables the restrictions on fraudulent links. In practice, the hackers are then able to achieve their ends.
As Benoît Grunemwald, security expert at ESET France, explains to 01Net, “Cybercriminals are devising ever more ingenious techniques to circumvent security protections”. It is especially “worrying to note that they are turning to users in order to manipulate them”.
Answer with a Y
The specialized outlet cites the example of a phishing message that impersonates USPS, the United States postal service. In this case, the scammers ask the victim to answer with a Y in order to be able to “reopen activation link”, which supposedly indicates where a package is located. The link will instead take the target to a phishing page intended to harvest a mountain of personal data. A phishing message about an alleged unpaid road toll uses the same trick.
“While smishing is a major attack method, I think many people spot the telltale signs or doubt the authenticity of these messages. However, some fall into the traps set up because these tactics are designed to encourage them to react impulsively”, analyzes the ESET France expert.
According to Benoît Grunemwald, there are not yet “elements confirming that these attacks target France”. However, we can fear that the tactics used by American hackers will quickly be exploited in the rest of the world, including in France and in other European countries.
The strategy is all the more effective because it allows cybercriminals to directly identify targets who are more likely to cooperate than others. To avoid falling into the trap set by a cybercriminal, we advise you never to reply to messages from unknown contacts, to scrupulously verify the authenticity of a message before interacting with it, and to “remain particularly vigilant when faced with requests for sensitive information”, lists Benoît Grunemwald.
Source: Bleeping Computer