Phishing campaign targeting iPhone users; CSA warns against replying to unknown iMessage senders
Sign up now: Get ST's newsletters delivered to your inbox
Suspicious messages sent by seemingly legitimate sources should be verified through official channels or the anti-scam hotline on 1799.
ST PHOTO: GIN TAY
Follow topic:
SINGAPORE - Apple iPhone users should not reply to messages from unknown senders, amid a phishing campaign targeting those who use the tech giant’s iMessage app.
The Cyber Security Agency of Singapore (CSA) said in an advisory on Jan 15 that cyber criminals have been sending fraudulent messages to “manipulate users into disabling iMessage’s built-in security features”.
Seemingly coming from legitimate sources, the messages would instruct people to reply, such as by prompting people to acknowledge the contents of the message by responding with “Y”.
In doing so, iMessage’s built-in phishing protection for that message would be disabled, and links from unknown senders would become accessible, leading to cyber-security risks.
These include theft of personal information, installation of malware or spyware, and possible fraud, warned CSA.
It recommended several precautionary measures, chief among them being to ignore messages from unknown senders.
CSA also advised keeping the “Filter Unknown Senders” setting enabled, which can be performed by going to Settings and selecting Messages, then Filter Unknown Senders.
Suspicious messages sent by seemingly legitimate sources should be verified through official channels or the anti-scam hotline on 1799.
CSA added that caution should be exercised when links are sent through messages regardless of the sender’s identity, and suspicious messages should be reported through ScamShield.
Meanwhile, phishing messages that seem to be from Apple should be reported to reportphishing@apple.com
As for those who have already replied to phishing messages, CSA advised blocking the sender and monitoring accounts for suspicious activity.
If banking details or credit card credentials were shared, individuals should inform their bank immediately.
CSA said: “If you observe any suspicious applications installed or installed any applications under instruction, uninstall them immediately.” It added that passwords should also be changed, especially if the same one was used for other accounts.
Lastly, the agency said users should lodge a police report if any financial losses were incurred.
“Staying informed and cautious can help protect your personal and financial information,” said CSA.
Scammers have continually made use of phishing messages to cheat victims of their money. In December, there had been at least 17 such cases associated with the Land Transport Authority, more than half of which saw grifters using messaging platforms
At least $33,000 was lost in that particular scam variant.
Aqil Hamzah is a journalist covering breaking news at The Straits Times, with interests in crime and technology.
