In some ways, security on youriPhoneis more fraught than ever, even though Apple has done an excellent job atbuilding up its defenses. We’re bombarded with threats daily, some of them deeply insidious. Organized crime targets us with forced labor at scam centers, while other forces work to crush internal dissent and infiltrate foreign institutions.
Tricks are the main tactic you’ll encounter, though, coming in the form of phishing. Phishers produce websites, emails, and text messages that are designed to look legitimate, but are really engineered to steal yourprivate data, or infect you with spyware or ransomware. The good news is that phishing is usually easy to dodge with a little skepticism, and that Apple and other app makers have implemented special anti-phishing protections. You’ll find some of the tools I rely on below.
Apple iPhone 16 Pro
Do you really need to worry about spyware on your phone?
It’s a matter of where you live, what you do, and what your security habits are like.
1Double-checking every new web address before tapping it
The most obvious tell
Most phishing scams are concerned with getting you to visit a specific fake website. If you’re not immediately hit with malware – which is less of a threat on iPhones, thankfully – the site will persuade you to share details like a password, your credit card details, or even your Social Security number. But the flaw in these scams is that they can’t use the exact URL of the site they’re pretending to be. Before clicking on a link, check that it matches the address of the site you’d normally deal with. For a hypothetical example, any legitimate Apple link is going to have “apple.com” at its root. A site like “apple-lucky-money.com” (which, hopefully, doesn’t actually exist) is going to have nothing to do with the company.
As a rule of thumb, if there’s any doubt, don’t click.
There are ways of concealing a URL, say by linking a keyword or image, or using a URL shortener. But if you touch and hold a link in Safari, you’ll get a preview of its contents, giving you a sense of whether you really want to proceed. There are ways of previewing links in other apps, too. As a rule of thumb, if there’s any doubt, don’t click.
After the iPhone Fold, it’s time Apple joined the flip phone club
It may be a crucial step for making foldables mainstream.
2Questioning how (and why) someone is reaching out
Pausing for a moment can save you
Being a tech journalist, I get a lot of unsolicited email pitches from press agencies, some of them non-sensical – why would the readers of a tech site care about who the sexiest athlete is? Yes, that’s a real pitch I got recently. The PR agent in question has probably never read any of my work.
Here’s the thing, though – I’m expecting to get pitches, and agents never insist that I click on a link or share private information. If you get a text or email that demands something of you, and is apropos of nothing you initiated, that’s probably a red flag or at least a yellow one. To ramp up the pressure, phishers often couch their demands in the most urgent-sounding scenarios, such as a hold on an important package. Don’t fall for it.
Also, consider the medium through which a request is sent. Unless you already know the person, you’re not going to get a serious job offer via a text message. Likewise, important investment deals don’t start with e-mail spam, and companies like Apple and Microsoft have dedicated chat systems and phone lines for tech support. They’re not going to send you an SMS or WhatsApp message out of the blue.
Is it safe to use Apple AirTags?
The risks are usually very low, but you need to be aware of them.
3Using Safari’s built-in warning features
A fail-safe for dangerous content
Don’t beat yourself up if you end up being lured to a fake website. To err is human, and, for some perspective, well-educated people at major institutions have fallen prey. It’s difficult to keep up your guard 24/7, especially if you’re checking texts or emails on the go instead of sitting down in front of your tablet or laptop. It’s easier to be patient in a comfy chair.
To help you, Safari for iOS has two relevant features, both accessible viaSettings > Apps > Safari. The first isFraudulent Website Warning, which, as its name implies, should display a warning whenever it thinks a website is dangerous. Apple’s tech is a little overzealous sometimes, but it’s better to have to bypass a warning occasionally than put your iPhone at risk.
The other feature isNot Secure Connection Warning. It might not seem related to phishing on the surface, but since fake websites are built to either steal your data or deliver malware, they don’t use the encrypted connections reputable websites do. If you get a “Not Secure” warning on a webpage, back out immediately – even if the site is legitimate, its security measures may be too weak.
How I keep my phone protected against stingrays (not that kind)
It’s an area where Android devices seem to be ahead of iPhones.
4Chrome Safe Browsing
Extra protection with a privacy trade-off
Many people use Chrome on their iPhone instead of Safari, and if you do too, protections similar to Safari are on by default. You can feel relatively comfortable that you won’t land in scam territory. You should, of course, continue to think critically about links in texts and emails.
If you’re especially worried about phishing, though, Chrome has an even tougher security option calledEnhanced protection. You can find it by opening Chrome, tapping thetriple-dot icon, then navigating toSettings > Privacy and security > Safe Browsing.
I actually use Standard protection myself, but the Enhanced option performs real-time analysis based on AI. That can potentially catch new and exotic phishing attempts, since Standard only relies on a list of known offenders, albeit regularly updated. There are trade-offs for going Enhanced – Google receives more data about the sites you’re trying to visit, and there’s an increased potential for a false positive. You’ll have to decide for yourself whether those things are acceptable in return for blocking anything remotely resembling an attack.
Everything you need to know about PEVs, or personal electric vehicles
You can use PEVs to explore, run errands, or speed up your commute.
