Text Scammer Use New Tactics To Make You Enable Phishing Links

JAKARTA - Apple has installed protection in the Messages app on iPhone devices to prevent links or phone numbers in unknown messages from being clicked on. However, scammers are now using new tactics to trick users into activating the phishing link.

By default, if you receive a text message from an unknown sender, the link in the message is disabled. However, if you reply to the message, the Messages app will enable a clickable link. According to a report from Bleeping Computer, scammers are now taking advantage of this gap in a clever way.

Smishing attacks (phishing via SMS) often appear in the form of bill notifications that have not been paid in small amounts or notifications "delivered delivery." These messages usually ask the recipient to reply with "Y" or "N" or other variants. After replying, the user is directed to exit the chat and return to the message to click on the link that has now been activated.

If users are deceived, they will start receiving more scam messages, this time with an active link and an urgent-looking message. Often, the sender pretends to be an official party like Apple or other technology companies. Once the link is clicked, the user will be directed to a site that appears legitimate but is designed to steal credit card information or bank account.

Here are the steps you can take to protect yourself from this attack:

Block and Report If you receive a scam message, immediately block the phone number or email address of the sender. Report to relevant service operators or providers.

Alert Other Messages If You've replied to messages like this, be aware of similar messages that arise from other numbers or emails. Block and report as soon as you receive them.

Tell Others To Warn friends, family, or co-workers who may be vulnerable to this attack. Tell them not to reply to messages from unknown senders and share this information with other people who have the potential to become victims.

Verification with Officials If you or other people feel doubtful that the message may be genuine, contact the party mentioned in the message directly through the official channel to verify the truth.

These scam messages often take advantage of the panic of users with claims of delayed bills or "missing" packages. If users enter their financial information, such as credit card numbers, their accounts can be compromised in just a few minutes. In 2022 alone, losses from attacks like this in the US amounted to 9 billion US dollars (IDR 146.8 trillion).

By spreading this information, you can help protect those around you from being victims of smishing attacks. Stay alert and avoid replying to any messages from unknown sources.