Apple users are falling victim to phishing texts that trick them into disabling protection, making it easier for scammers to steal sensitive information. Cybercriminals are exploiting this tactic to turn off the built-in phishing protection in iMessages and then trick users into re-enabling disabled links.
When a user receives a message from an unknown sender with disabled links, Apple’s iMessage automatically blocks them. However, if the user replies to the message or adds the sender to their contact list, the links are enabled. To take advantage of this vulnerability, scammers send messages that ask users to reply with “Y” to enable the link.
This tactic has been used in the past year, with a surge since the summer. The goal is to trick users into responding to the message, which not only enables the links but also makes them a bigger target for phishing attacks.
If you receive a message with disabled links or from an unknown sender asking you to reply, do not respond. Instead, contact the company or organization directly to verify the text and ask if there is anything else you need to do.
Source: https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection