Minnesotans With iPhones: Beware ‘Sophisticated’ New Way Hackers Are Targeting Victims

Minnesotans with iPhones need to be on the lookout for this new way in which cybercriminals and hackers are trying to target you to get ahold of your accounts, money, and information.

While many iPhone users like to think they are less vulnerable to hackers due to the unique protections Apple puts in their phones and software, this new method sidesteps those safety measures and can even lead to savvy tech users falling victim.

This new "sophisticated" method is a devious new twist on other cybercriminal targeting efforts seen in Minnesota and elsewhere around the country - a new version of a phishing attack like this scam reported last year in Northern Minnesota.

Here is how this new hacking method works, what to look for, and how to protect yourself.

What is a phishing attack, and how does it apply to this new threat to iPhone users?

The tech website BRG recently reported that a "sophisticated" new spin on something called a "phishing attack" looks to specifically get around new protection measures iPhones have built into the latest iOS operating systems.

A phishing attack is where a hacker or cybercriminal will try to trick you into giving them information like bank information, credit card numbers, usernames, passwords, and other sensitive data.

The way these attacks usually work is that the attacker will send a victim an email or text message that is meant to look like it is coming from a legitimate source; like your bank, Amazon account, the US Post Office, or some other service provider you may (or may not) use.

They will try to get information from you by doing things like asking you to verify your account information because of an issue with your service or a recent payment, a problem with a delivery, or by suggesting you may have been hacked and that they need you to give them your information to secure your account.

They will often direct you to visit a link to what might look like a legitimate website to provide the requested data, then they can do whatever they want with it.

Pretty devious, right?

The latest iPhone software has protections built into the Messages app designed to help prevent phishing attacks, but the new method looks to get around that.

How does this new phishing attack method targeting iPhones work?

As BGR reports, iPhones running the latest software will automatically disable links sent through messages from unknown senders. That means if some strange number sends you a text or iMessage trying to trick you, the link they send in the message will be disabled automatically in an attempt to protect you from falling from this attack.

The tech blog Bleeping Computer reports that these scammers and attackers will now ask you to respond to the text message first. An example Bleeping Computer offers includes a message from a scammer claiming there was an issue with a USPS delivery with a link to provide some address data, but to get around the safety measure, there's another part to the text.

Get our free mobile app

The new part to this classic phishing scam is that the attacker will include a message asking the recipient of the text to respond, oftentimes saying something like "Please reply Y, exit the message, then reopen the text to enable the link". The idea plays on the concept of replying yes, no, or stop to automated messages that might come from legitimate sources.

By getting you to respond, you are telling your phone you trust the sender. Leaving the message and coming back to it will allow your phone to refresh the message, now trusting the link and allowing you to tap on it.

DON'T DO IT!

How do I protect myself from this new iPhone phishing attack?

The rule of thumb with any situation where an unknown individual reaches out to you asking for information is to ignore the message and use a trusted method to verify any issue that the message might suggest there is.

Logging directly into your account or contacting customer service to see if the "issue" is actually an issue is a good way to verify without responding to the scammer trying to take advantage of you.

It can be tricky as cybercriminals get more sophisticated with their attacks, but the basic rule of thumb is to never click on a link from an untrusted source and never give information to someone reaching out to you unless you can verify it is legitimate - it's often best to reach out to them using a trusted method instead.