The listings featured on this site are from companies from which this site receives compensation and some are co-owned by our parent company. This influence: Rank and manner in which listings are presented.
Learn more
The How To Guide was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on The How To Guide are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

The How To Guide was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on The How To Guide are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Phishing Texts Trick Apple Users Into Disabling Protection

Phishing Texts Trick Apple Users Into Disabling Protection
Author Image Anka Markovic Borak
Anka Markovic Borak First published on January 18, 2025 Writer and Quality Assessor

Threat actors are using deceptive tactics to bypass Apple iMessage’s phishing protection, tricking users into enabling disabled links in fraudulent messages. These smishing attacks target mobile users with fake texts posing as trusted entities, in an effort to manipulate recipients into compromising their security.

Apple iMessage automatically blocks links in messages sent by unknown email addresses or phone numbers. However, if a user responds to the message or adds the sender to their contacts, the disabled links are reactivated.

Recent months have seen a rise in smishing attacks where scammers impersonate organizations like the USPS or toll authorities, sending messages that claim shipping issues or unpaid fees. These texts instruct recipients to reply with a simple “Y” or other familiar phrases to enable links. Phrases like “Reply Y to activate” or “Exit and reopen the message link” are designed to appear routine and innocuous, making it more likely for recipients to comply.

This tactic exploits user habits formed by legitimate practices, such as responding “STOP” or “YES” to manage text subscriptions. When users reply, they not only re-enable phishing links but also signal to the attacker that they're falling for the scam. This increases the likelihood that the scammer will target the same user again in the future.

Even without clicking the re-enabled links, users become vulnerable by responding, as it confirms their phone number is active and monitored.

Often, the targets of these scams are less tech-savvy individuals or older users who might not recognize the red flags in these messages. Such individuals are particularly at risk of entering sensitive information, such as credit card details or personal data, that attackers can then exploit.

To avoid falling victim to these scams, users should avoid replying to texts from unknown senders, especially when links are disabled. Instead, they should directly contact the relevant company or organization for verification. This precaution helps maintain security, preventing inadvertent exposure to cyber threats.

About the Author

  • Author Image Anka Markovic Borak
  • Anka Markovic Borak Writer and Quality Assessor

Anka Markovic-Borak is a writer and quality assessor at The How To Guide, who leverages her expertise to write insightful articles on cybersecurity, driven by her passion for protecting online privacy. She also ensures articles written by others are reaching The How To Guide's high standards.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address