iPhone owners should never ever reply to phishing texts involving supposedly undelivered packages or unpaid tolls and here’s why.
Such scams are typically on the rise during the holidays when many people order gifts or ship surprise packages to their relatives or loved ones. I’m sure you’ve seen or maybe even received texts about a fake USPS shipping issue, a supposedly unpaid road toll text and similar.
Bleeping Computer explains why even responding to phishing texts puts you at risk while making cybercriminals’ lives so much easier.
Why iPhone owners should never reply to phishing texts
Long story short, responding to messages from unknown numbers makes the included phishing link actionable. And if an unsuspecting user follows the link, they may end up writing their credit card number into a form on a bogus page. You should never ever respond to phishing texts, let along follow such links!
The built-in Messages app has a feature called Filter Unknown Senders, designed to stop people whose contact details you haven’t saved in the Contacts app from texting you directly. Instead, their messages are filtered to another folder, and you aren’t notified about them. It’s one of the more effective ways to stop spam texts.
When this feature is enabled in Settings > Apps > Messages > Message Filtering, links sent from unknown senders are disabled until you reply to a message. That’s why these phishing texts desperately want you to respond to the message. “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it,” reads one of such messages.
Bleeping Computer explains:
As users have become used to typing STOP, Yes, or NO to confirm appointments or opt out of text messages, the threat actors hope this familiar act will lead the text recipient to reply to the text and enable the links.
Doing so will enable the links again and turn off iMessage’s built-in phishing protection for this text. Even if a user doesn’t click on the now-enabled link, replying tells the threat actor that they now have a target that responds to phishing texts, making them a bigger target.
The publication says these types of scams have increased in 2024, with a surge since the summer. Apple’s support page spells out that responding to a message from an unknown sender activates any included web links. “You canʼt open any links sent by an unknown sender until you make them a known sender—by adding them to your contacts or replying to the message,” it reads.
To protect yourself from unsolicited communication, read our tutorial covering how to filter unknown, known, unread, junk and promotional messages on iPhone.
How I almost fell for such a cheap scam
As much as I love to view myself as a tech expert who would never fall for these cheap scams, I, too, foolishly responded with a “Y” to a message purportedly from a parcel service informing me of an incoming package.
I could then follow a link to a phishing page that looked exactly like my local delivery service. They asked for a small fee to cover some paperwork. Not suspecting anything yet, I typed my credit card details and was about to hit the Send button when my left hemisphere of my brain prevailed, and sanity took over.
I closed the page and spent the rest of the day thinking how stupid I was. I was one click away from having my financial information compromised. The supposed tech expert, of all people! I let my guard down because the fraudulent communication happened during a period when companies from all around the world ship me review samples of products. Like with everything in life, it’s all about the right timing!