Technology
Scammers find sneaky way to bypass your iPhone's safety features
In an alarming development, cybercriminals have devised a new method to circumvent Apple’s built-in phishing protection for iMessage, potentially exposing you to malicious links and scams. This sophisticated tactic exploits a security feature designed to protect you, turning it into a vulnerability that could lead to significant personal and financial risks.
I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2
Enter the giveaway by signing up for my free newsletter.
Scammer’s phishing text message sent to iPhone (Kurt “CyberGuy” Knutsson)
The trick unveiled
Apple’s iMessage automatically disables links in messages from unknown senders as a security measure. However, cybercriminals have found a way to exploit this protection. By instructing you to reply to the message, often with a simple “Y,” the attackers can re-enable previously disabled links. This seemingly innocuous action not only activates the links but also signals to the scammers that they’ve found an engaged target for future attacks.
We reached out to Apple for a comment but did not hear back before our deadline.
Scammer’s phishing text message sent to iPhone (Kurt “CyberGuy” Knutsson)
HOW TO PROTECT YOUR IPHONE & IPAD FROM MALWARE
Common phishing lures
These deceptive messages often masquerade as notifications from trusted organizations, such as:
- Undeliverable packages from courier services (USPS, DHL, FedEx)
- Unpaid road tolls
- Outstanding payments or fees
The messages typically end with instructions like: “(Please reply Y, then exit the SMS, re-open the SMS activation link, or copy the link to open in Safari).”
Scammer’s phishing text messages sent to iPhone (Kurt “CyberGuy” Knutsson)
THE ONE SIMPLE TRICK TO HELP KEEP OUT CYBER CREEPS ON IPHONE
The rising threat of smishing
This new tactic is part of a broader trend of smishing (SMS phishing) attacks targeting mobile users. With the increasing reliance on smartphones for various activities, including financial transactions and personal communications, these attacks pose a significant threat to users’ security and privacy.
DOES MY IPHONE NEED ANTIVIRUS PROTECTION?
How to protect yourself
To safeguard against these sophisticated phishing attempts, consider the following steps.
1) Never reply to suspicious messages: Avoid responding to texts from unknown senders, especially those asking you to reply to activate links. Additionally, make sure to delete suspicious text messages and block the sender to prevent further attempts. Since the sender is not in your contact list, you can click Report Junk at the bottom of the text. Then click Delete and Report Junk. This will report the conversation as junk by sending it to your wireless carrier and Apple using your phone number.
2) Verify sender identity: Contact organizations directly through official channels if you’re unsure about a message’s legitimacy.
3) Be skeptical of urgency: Scammers often use urgent language to prompt quick, thoughtless actions.
4) Enable message filtering: Use your device’s built-in filtering options to sort messages from unknown senders. Here are the steps:
- Open Settings
- Scroll down and click Apps
- Tap Messages
- Turn on Filter Unknown Senders
This feature allows you to automatically sort messages from unknown senders, easily filter unread messages and manage your message inbox more efficiently.
5) Use two-factor authentication (2FA): 2FA adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message or authentication app, in addition to your password. This significantly reduces the risk of unauthorized access, even if your password is compromised.
6) Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
7) Invest in personal data removal services: By reducing your online footprint, you make it harder for cybercriminals to obtain your contact information, potentially preventing them from sending you these deceptive iMessage phishing texts in the first place. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.
What to do if you’ve been targeted
If you suspect you’ve fallen victim to a smishing attack:
- Report the incident to relevant authorities and institutions
- Freeze your credit to prevent potential identity fraud
- Change passwords and PINs for all your accounts; consider using a password manager to generate and store complex passwords
- Monitor your finances and online accounts for suspicious activity
- Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of some identity theft protection services is that they have identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
Kurt’s key takeaways
This latest trick targeting iMessage users serves as a reminder that even seemingly secure systems can be vulnerable to social engineering. By remaining cautious and following best practices for digital security, you can significantly reduce your risk of falling victim to these sophisticated phishing attempts.
What other cybersecurity challenges have you encountered with your mobile devices, and what questions do you have for us? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels: Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.
A new scam has come to light targeting residents across the United States with text messages that pretend to be from toll road operators. For many who receive these messages, it’s an easy and expensive trap to fall into.
The scam begins when people receive a message claiming they have unpaid tolls and may be charged fines. Scammers then ask for card details and a one-time password sent via SMS to steal their money. Security researchers believe that Chinese smishing groups are behind this scam, selling SMS-based phishing kits to thousands of scammers.
I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2
Enter the giveaway by signing up for my free newsletter.
Fake toll road scam text (Kurt “CyberGuy” Knutsson)
What you need to know about the fake toll scam
As reported by KrebsOnSecurity, the scam begins with a text message claiming to be from a toll road operator, such as E-ZPass or SunPass. The message warns about unpaid tolls and the possibility of fines, forcing recipients to act quickly. Victims are directed to a fake website mimicking the toll operator’s site, where they are asked to provide sensitive information, including payment card details and one-time passwords.
Security researchers have traced the scam to Chinese smishing groups known for creating and selling sophisticated SMS phishing kits. One such kit, “Lighthouse,” makes it easy for scammers to spoof toll road operators in multiple states. These kits are designed to trick users into sharing financial information, which is then used to commit fraud.
Reports of these phishing attacks have surfaced across the U.S., targeting users of toll systems like EZDriveMA in Massachusetts, SunPass in Florida and the North Texas Toll Authority in Texas. Similar scams have been reported in states including California, Colorado, Connecticut, Minnesota and Washington. The phishing pages are mobile-optimized and won’t load on non-mobile devices, making them even more deceptive.
Fake toll road scam text (Kurt “CyberGuy” Knutsson)
MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC
Phishing scams are evolving
Recent advancements in phishing kits include better deliverability through integration with Apple iMessage and Android’s RCS technology, bypassing traditional SMS spam filters. These methods increase the likelihood of victims receiving and engaging with fraudulent messages. The phishing sites are operated dynamically in real time by criminals, making them harder to detect and shut down. Even individuals who don’t own a vehicle have reported receiving these messages, indicating random targeting.
Illustration of a scammer sending toll road texts to scam victims (Kurt “CyberGuy” Knutsson)
THAT APPLE ID DISABLED MESSAGE? IT’S A DANGEROUS SCAM
7 ways to stay safe from toll scam messages
By staying vigilant and following the steps below, you can protect yourself from falling victim to toll scams.
1) Verify directly with toll operators: If you receive a message about unpaid tolls or fines, do not click on any links. Instead, visit the official website of your toll operator or contact their customer service directly to verify the claim.
2) Install strong antivirus software: The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
3) Do not share personal information: Never provide sensitive details like payment card information, Social Security numbers or one-time passwords via text or unverified websites. Legitimate toll operators will not request such information through SMS.
4) Enable two-factor authentication (2FA): Use 2FA for your accounts whenever possible. This adds an extra layer of protection by requiring two forms of verification, reducing the risk of unauthorized access even if some details are compromised.
5) Be wary of urgency in messages: Scammers often create a sense of urgency, claiming immediate action is required to avoid penalties. Take a moment to assess the situation and verify the legitimacy of the message through official channels.
6) Report suspicious messages: If you suspect a phishing attempt, report it to the Federal Trade Commission or the FBI’s Internet Crime Complaint Center. Include details like the sender’s phone number and any links in the message. Additionally, inform your mobile carrier to help block similar scams.
7) Use a personal data removal service: Employ a reputable data removal service to reduce your online footprint and minimize the risk of scammers obtaining your personal information. These services can help remove your data from various data broker sites, making it harder for scammers to target you with personalized scams. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET It’s deeply concerning how these scams are becoming increasingly sophisticated and widespread. It’s no longer just about random phishing attempts. These are carefully crafted schemes designed to exploit our trust in systems we rely on daily. The fact that scammers can impersonate toll road operators so convincingly is alarming, and it shows how vulnerable we are to such attacks. It frustrates me to think of how many people may fall victim to these tactics, losing their hard-earned money.
Have you recently received a suspicious text message claiming to be from a toll road operator or any other service? How did you react? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels: Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.
Kurt’s key takeaway
/cdn.vox-cdn.com/uploads/chorus_asset/file/25472451/STK270_GOOGLE_MAPS_A.png "Google Maps in the US will change to Gulf of America and Mount McKinley")
Google said today that it plans to update Google Maps to reflect President Trump’s January 20th executive order to change the names of the Gulf of Mexico and Denali to the Gulf of America and Mount McKinley, respectively.
The company noted on X the updated nomenclature will appear once the Geographic Names Information System (GNIS) is updated.
“We have a longstanding practice of applying name changes when they have been updated in official government sources,” the company posted on X. It added that when “name changes vary between countries, Maps users see their official local name. Everyone in the rest of the world sees both names. That applies here too.”
Denali was named Mount McKinley until 2015.
The US Department of the Interior said last week it plans to follow the executive order to implement the name changes.
“The U.S. Board on Geographic Names, under the purview of the Department of the Interior, is working expeditiously to update the official federal nomenclature in the Geographic Names Information System to reflect these changes, effective immediately for federal use,” the Department of the Interior said on Friday.
An Apple spokesperson wasn’t immediately available to comment on its plans for Apple Maps.
Ever watched a YouTube video and thought, “I need to share this exact moment with my friends?” Well, you’re in luck. Sharing specific moments from YouTube videos is actually pretty easy. Whether you’re on a computer, iPhone or Android device, I’m here to show you how easy it is to do just that.
I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2
Enter the giveaway by signing up for my free newsletter.
YouTube app (Kurt “CyberGuy” Knutsson)
On your computer: Two simple options
The right-click method
- Head to YouTube.com, then locate and click on the video you want to send to someone
Steps to share exact time of YouTube video on a computer (Kurt “CyberGuy” Knutsson)
- Pause the video at the exact moment you want to share
- Right-click inside the video frame and select Copy video URL at current time
Steps to share exact time of YouTube video on a computer (Kurt “CyberGuy” Knutsson)
- That’s it. You’ve got your timestamp link. Paste it wherever you’d like: in an email, message or on social media
YOUTUBE’S 5 MOST OVERLOOKED USEFUL FEATURES
The share button method
- Head to YouTube.com, then locate and click on the video you want to send to someone
Steps to share exact time of YouTube video on a computer (Kurt “CyberGuy” Knutsson)
- Pause the video at the desired moment
- Click the Share button under the video
Steps to share exact time of YouTube video on a computer (Kurt “CyberGuy” Knutsson)
- Check the box next to Start at to adjust your desired start time, if necessary
- Copy the link
- Your timestamped link is ready to share; Paste it wherever you’d like: in an email, message or on social media
Steps to share exact time of YouTube video on a computer (Kurt “CyberGuy” Knutsson)
SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES
On your iPhone
- Open the YouTube app
- Find the video you want to share and click on it
- Play the video to your desired starting point
- Tap the Share button below the video
- Choose your preferred sharing method (e.g., Messages, Mail or Copy Link)
- The link you share will now include the timestamp, and the video will start at that point when opened
Steps to share exact time of YouTube video on an iPhone (Kurt “CyberGuy” Knutsson)
HOW TO PROTECT YOUR IPHONE & IPAD FROM MALWARE
On your Android
YouTube has recently introduced a new, simplified method for sharing video timestamps on Android.
Settings may vary depending on your Android phone’s manufacturer.
- Open the YouTube app on your Android device
- Find and play the video you want to share
- Pause the video at the desired timestamp
- Tap the Share button below the video
- In the share menu, you’ll see a new toggle labeled Start at [current timestamp]
- Enable this toggle to include the timestamp in your shared link
- Choose your preferred sharing method or tap Copy link to copy the timestamped URL to your clipboard
Steps to share exact time of YouTube video on an Android (Kurt “CyberGuy” Knutsson)
These updated steps make sharing timestamps much simpler, as you no longer need to use Chrome or request the desktop site. For those using older versions of the YouTube app or Android OS or if the update isn’t yet available on your device, here are the previous steps:
Settings may vary depending on your Android phone’s manufacturer.
- Open the YouTube app
- Find and play the video you want to share
- Pause the video at the desired timestamp
- Tap the Share button and then Copy link
Steps to share exact time of YouTube video on an Android (Kurt “CyberGuy” Knutsson)
- Open Google Chrome, paste the link in the address bar or click where it says, “Link you copied,” and load the video
- Tap the three-dot menu icon
- Click Desktop site
- Play video and pause at the desired start time
- Tap the Share button again, check the box next to “Start at,” and the current timestamp will be automatically filled in.
- Tap Copy to get the timestamped URL
- Now, you can easily share the time-stamped URL via your preferred messaging app or social media platform
Steps to share exact time of YouTube video on an Android (Kurt “CyberGuy” Knutsson)
Both methods allow you to share specific moments in YouTube videos on your Android, but the new process is more streamlined and user-friendly.
TOP ANDROID PHONES OF 2025
Kurt’s key takeaways
Sharing specific parts of a YouTube video has never been easier. Whether you’re on a computer, iPhone or Android device, these steps ensure that your friends and family get to the exact moment you want them to see. Try it out and streamline your sharing experience.
Now that you know the steps to share an exact moment, follow our guide and share a specific part of our video with your friends right away. Don’t forget to let us know their reactions by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.
Trump administration offers buyouts to remote employees who don’t return to the office
Kansas City tuberculosis outbreak is largest in US history
WNBA star Caitlin Clark details 'incredible' experience alongside Taylor Swift at Chiefs' playoff game
Fake toll road texts sweep America as Chinese scammers target US drivers
Fashion Nova customers get $2.4 million in refunds over allegations it hid negative reviews
Why Marjorie Taylor Greene was ‘kicked out’ of the Freedom Caucus according to Rep. Buck
Colorado Rockies game no. 116 thread: Zac Gallen vs José Ureña
See it: Tesla crashes into Columbus convention center at 70 mph
Fox News Politics: Georgia the whole day through
Death of missing Oregon girl found in stream ruled homicide
Trump administration offers buyouts to remote employees who don’t return to the office
Georgia reacts angrily to EU suspension of visa-free travel
The company planning a successor to Concorde makes its first supersonic test
Kash Patel’s Loyalty to Trump Raises Doubts Over F.B.I.’s Independence
Ogles and other Republicans push federal ban on chemical abortions
-
Culture1 week agoBook Review: ‘Somewhere Toward Freedom,’ by Bennett Parten
-
Business1 week agoOpinion: Biden delivered a new 'Roaring '20s.' Watch Trump try to take the credit.
-
News1 week agoJudges Begin Freeing Jan. 6 Defendants After Trump’s Clemency Order
-
Business5 days agoInstagram and Facebook Blocked and Hid Abortion Pill Providers’ Posts
-
News3 days agoHamas releases four female Israeli soldiers as 200 Palestinians set free
-
Politics4 days agoOklahoma Sen Mullin confident Hegseth will be confirmed, predicts who Democrats will try to sink next
-
World3 days agoIsrael Frees 200 Palestinian Prisoners in Second Cease-Fire Exchange
-
News1 week agoA Heavy Favorite Emerges in the Race to Lead the Democratic Party