Do Phishing Scams Work On iPhone?

  
By Tim Chesonis •  Updated: 06/10/19 •  15 min read

The iPhone is hands-down, far more secure than any Android cell phone on the market today.  In fact, an iPhone running the latest version of its operating system is nearly impossible to hack into.  Given how secure the iPhone is, naturally one might think that it would protect one from phishing scams.  But does it?

Phishing scams will work on any device that allows you to respond to the sender. Once you respond, you have the potential of being the victim of a phishing scam. Even if it is an iPhone.

You are going to learn what types of phishing scams there are, how to recognize them, and what to do when you encounter one.

What is a phishing scam and why are they phishing for my data?

According to Merriam Webster, the term, “Phishing” is defined as:

A scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly.

Obviously, the word “phishing” is a play on the word, “fishing”, and in a sense, both a fisherman and a “phisherman” (scammer), do the same thing.  Both try to use bait to get you to bite.

The fisherman will use different kinds of bait to trick the fish into biting the food on the hook. Of course, once they take the bait, they get hooked and are reeled in to their death.

Similarly, the scammer will use any method he can in order to convince you to hand over confidential information for his own benefit. The scammer is a thief, and his objective is to con you into giving him what he wants. He may personally use the information that you have divulged, but if not, he will sell that information to a third party that is ready and waiting to use that information for their benefit.

What types of phishing scams are there?

Long ago, when people were far more trusting than they are today, scammers would prey on the elderly by writing a hand-written letter conning the naive, telling them a tall tale, playing on the emotions of their next victim.

Generally speaking, they would try one of the following three methods.

  • In person
  • A letter through the Post Office
  • A phone call

Each of these methods took time . . . considerable time.  When the technological revolution hit with the advent of the personal computer, phishing in its current form grew exponentially.

So, rather than fishing with one line in the water, they upped their game by fishing with nets, so as to take advantage of as many people as they possibly can.

All “Phishermen” (scammers) have one thing in common.  They will take anything of value and use any means to do so, regardless of how it affects their victim.

Today, there are basically four ways in which phishing scammers will attempt to get you to take their bait.  All four approaches . . .

Via E-mail

This is the most popular phishing method used by scammers. The reason that it is so popular is because the scammer only has to invent one story. He can then send that one email to thousands of people, if not tens of thousands. It only takes a handful of people to fall for the con, for it to be effective. 

Via Text Message

Because text messages are so personal, if a scammer knows even just a little bit about you, a friend’s name, for example, they can ask you to send them money via PayPal or the Cash app. All they need to do is to convince you that your friend is in need. Obviously, this can easily be avoided by calling your friend to confirm the need, but people still fall for it.

Via Social Media

Phishing scams don’t find a lot of success, as people will comment (on Facebook, for example), warning users that the “story” is a scam.  But not everybody takes their advice.  Some will click on the link which will take them to a website that will elaborate on the story being told in the hope that they will be able to convince you to fall for their con.

Via the Internet

If a scammer can convince you to provide information by filling out a form on their website, they can use that to contact you at a later time with a scam, or they can sell that information to others who will do the same.  In a few minutes, we’ll discuss ways in which you can wisely submit information via forms on a website.

How to recognize a phishing scam

In a minute I’ll show you several things to look for in an e-mail phishing scam, but let’s first discuss some practical things to look out for regardless of the method the scammer uses.  There are some practical common sense things that you need to consider.

Trust Your Instinct

Often, when I speak to someone who has fallen victim to a phishing scam, they almost always say, “Something smelled fishy about the e-mail, but I wasn’t sure”.  Listen to your gut.

If your instincts are telling you to be cautious, BE CAUTIOUS!

I know that we want to believe people and give them the benefit of the doubt, but if you were walking down a dark alley in New York City at 2:30 am, wouldn’t you be cautious?  Of course you would.  You need to think of the internet, e-mail, text messages from people you don’t know, and those you see in social media as strangers.  Some of these people are just like the people who hang out in dark alleys in New York City at 2:30 am.

Do You Personally Know the Sender?

I don’t mean, “Do you have an email relationship?” I mean, have you personally met the sender face-to-face, several times to the point where you have developed a personal relationship with the sender?

Regardless of how long of an e-mail relationship you may have, have you literally met the person in question face-to-face?  If not, read the email with skepticism.  Remember, the goal of the scammer is to get you to trust them, and they aim to break down any doubt-barriers you may have.

Common Sense

The e-mail has to make sense.  Do you really think that you are the heir of some King from Nigeria who has untold treasures awaiting you?  Does the “friend” who sent you an e-mail asking you to send them money to pay for their sick mother who urgently needs an operation . . . wouldn’t you think that your “friend” would call you on the phone for such a request? 

Some people are very naive and gullible.  It’s precisely these people that scammers are hoping to prey upon.  You may not be that person, (and I hope you aren’t), but it is my hope that through reading this article, you will make the people within your influence aware of how scammers think, and what to look out for in phishing scams.  Scammers prey on the naive and those who are gullible, but also on professionals just like you.

Now let’s take a look at 8 things you should look for in ANY e-mail you receive.

Have You Met the Sender Face-to-Face?

How well do you know the sender of the e-mail?  Again, have you met the sender face-to-face?  Have you spoken to them on the phone before?  If you have not met them face-to-face, have any of your other colleagues met this person face-to-face?  This point can not be over-emphasized, and it’s not something that you should give a pass to.  Many people are scammed because they have not met the e-mail sender face-to-face.

Check the Integrity of the Links Within the E-mail

Let’s say you receive an e-mail from your bank, (let’s use “Bank of America” as an example).  The real URL is https://www.bankofamerica.com/.  If you hover over the link and anything other than https://www.bankofamerica.com/ appears, it’s a fraudulent e-mail.  When hovering over the link, it might display something close, such as https://www.bank-of-america.com/ or https://www.bankofamrica.com.  Don’t fall for it.  Any time I receive what I believe to be a legitimate e-mail from any website, rather than clicking on the link within the e-mail, I always visit the website directly by typing the URL in the address bar before logging in, just to ensure that I am not being phished.

Misleading Domain Names

Another thing to look out for when hovering over an embedded link within an e-mail is whether the domain name listed is misleading.  Again, using the bankofamerica.com domain as an example, when hovering over the link with your mouse, do you see something like bankofamerica.com.iamascammer.com? When you hover over a URL with your mouse, whatever the domain name in the URL ENDS with is where the link will take you.
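The two link checks above (a near-miss spelling of the real address, and the real name used as a prefix of someone else's domain) can be automated. The sketch below is an added example, not part of the original article; the names `classify` and `check_email` and the sample e-mail body are constructed for illustration, and treating the last two labels of the host as the registered domain is a simplification.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "bankofamerica.com"  # the article's example bank domain

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def classify(href, trusted=TRUSTED):
    """Judge a link by the END of its host name, not by what it contains."""
    host = (urlsplit(href).hostname or "").rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return "ok"
    if trusted in host:
        return "misleading"  # trusted name is only a prefix of another domain
    # Simplification: treat the last two labels as the registered domain,
    # and ignore hyphens so "bank-of-america.com" compares as a near match.
    base = ".".join(host.split(".")[-2:]).replace("-", "")
    close = SequenceMatcher(None, base, trusted).ratio() >= 0.85
    return "lookalike" if close else "unrelated"

def check_email(html):
    """Return (visible text, real target, verdict) for each link."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href, classify(href)) for text, href in parser.links]

# Constructed sample body: every link *displays* the real bank address,
# but only the first one actually goes there.
SAMPLE = "".join(
    f'<a href="{u}">https://www.bankofamerica.com/</a>' for u in (
        "https://www.bankofamerica.com/", "https://www.bank-of-america.com/",
        "https://www.bankofamrica.com", "https://bankofamerica.com.iamascammer.com/"))

if __name__ == "__main__":
    for text, href, verdict in check_email(SAMPLE):
        print(f"{verdict:10}  shows {text}  ->  goes to {href}")
```

The verdict depends only on the host name, so a bank address appearing later in the path (after the first single slash) does not make a link trustworthy.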

What Does the Grammar and Punctuation Look Like?

Is the e-mail written in the same way that the sender of the e-mail speaks?  Assuming you speak English, is the e-mail written in broken English?  Are the tenses used in the e-mail consistent?  Is the e-mail grammatically correct?  Are there any obvious spelling errors?  Understand that this alone is not reason to delete the e-mail, but it should raise a red flag, because most e-mail scams come from foreign countries where English is not their first language.

Does the Email Ask for Personal Information?

Personal information ranges from everything from your name to your bank account number.  Understand that the information that they request may not look like it could be used against you.  They will collect your information and compile it with other information that has already been collected from other sources.

For example, they *may* ask for your pet’s name, your mother’s maiden name, or the name of your first grade teacher.  Why would they do this?  They want this information because they can sell it to others who will have malicious intent.  Those scammers will try to convince you that they know you and that you can trust them.

For example, “Remember when your Mom, (name of your Mom), made the KoolAid for our KoolAid stand when we were kids on (name of street), in (name of town you lived in as a child).  (First grade teacher’s name) thought we were the best for finding a way to build our own business.”

Do you see how compiling your personal information can be used against you?  Be careful when providing personal information about yourself.  Make sure that you know what information you are divulging, and to whom you are divulging that information.

If It Sounds Too Good to be True . . . It is

In 1991, John Goodman starred in a movie called, “King Ralph”.  The movie is about an average guy who was the sole descendant to the throne in England.  It was a very funny movie, but deep down inside, I think that each of us wishes that we were the sole descendant of some rich and wealthy King.

There have been numerous e-mails (way too many to count), that have been sent out to people telling them that they are the sole descendant of some Nigerian King.

As I mentioned earlier, do you really believe that you are the one sole descendant to the King of Nigeria?  I’m guessing that you don’t really believe that you are his sole descendant, but in the back of your mind, you might be thinking, “There could be a chance, and what the heck, it couldn’t hurt, maybe I’ll get something out of it”.  That is exactly what the scammer is hoping you will think.  After all, who does not want the chance to gain the riches of a King?

If in doubt, ask a friend if they think it sounds fishy (phishy).  If you REALLY are the heir to the throne, they will certainly contact you OUTSIDE of an e-mail!

Did You Ask To Be Contacted via E-mail?

If someone is offering you something that you did not ask for, then treat it like the junk mail you receive in your outside mailbox when you get home each day.  Throw it in the trash.  Don’t even open it up.  Just delete it.

If they claim that you are the winner of a given contest, just throw it out.  I receive junk mail like that every day at home.  Out of 5 pieces of mail that I receive, 3 of them are meant for the trash.  I don’t even open them.  The same is true for e-mail.  Just send it to the trash and don’t open it.

Does the E-mail Ask for You to Send Money or Gift Cards?

If so, DELETE.  I once worked at a company where an e-mail went out to the entire company FROM what appeared to be the e-mail address of the CEO of that company.  In it, people were asked to purchase Amazon Gift cards and scratch off the number on the back of the card and e-mail it to the CEO (by replying to that e-mail).  One of the several hundred company employees that received the e-mail, did just that, and that individual was out several hundred dollars.

Any e-mail that asks for money, gift cards, (or anything that could be converted to cash), must be viewed with skepticism.  Before sending any money or clicking on any link within the e-mail, verify that it is a legitimate need from the sender by picking up the phone and calling them in person, (and don’t use the phone number provided in the e-mail).

Does the E-mail Threaten You?

Some scammers are so bold that they will threaten you with fear.  They will tell you that they will close your account, or take possession of your car, or that the IRS will garnish your wages.

If you receive a threatening e-mail, telling you that you must send cash or sensitive information, it’s definitely a scam.  This is a HUGE red flag.  Again, always verify where it is coming from.  Pick up the phone and make a few phone calls, (again, don’t call any of the phone numbers within the e-mail itself).  You can save yourself a huge headache by simply calling to verify the information being requested.  If in doubt, contact your lawyer and ask them.

Below is an example of a phishing e-mail.  So that people don’t fall for this scam, I have turned it into an image so as not to propagate this phishing scam. Having read the steps above, how many things can you find wrong with this e-mail?

What to do and what not to do when you see a phishing scam

What TO DO when you find a phishing e-mail:

  1. Notify your work colleagues, by taking a screenshot of it, (don’t forward the e-mail), and send the screenshot of it to them.  This way, they will know what to look out for.
  2. Delete the e-mail immediately . . . and then empty your trash.

Remember, the more you see phishing scams, the more obvious they become.  Others in your company, or colleagues who sit by you, may ask you if you think the e-mail that they just received is a phishing scam.

What NOT TO DO when you find a phishing e-mail.

  1. Do not click on ANY link within the phishing e-mail.
  2. Do not open ANY attachments within a phishing e-mail.
  3. Do not download ANY attachments to the phishing e-mail.
  4. Do not forward the e-mail around the company or to your department to make them aware of the phishing scam.  Instead, take a screenshot and send THAT screenshot in a separate e-mail.

What e-mail app and web browser app should I use on my iPhone?

One might think that they *must* only use the “Safari” web-browser and the “mail” e-mail app that is built into your iPhone to prevent yourself from becoming a victim of a phishing scam.  This simply is not true.

As mentioned earlier, phishing scams will work on any device that allows you to respond to the sender. Once you respond, you have the potential of being the victim of a phishing scam. Even if it is an iPhone.

To browse the web, I have personally used Safari, Google Chrome, Firefox, DuckDuckGo, and even the Phantom web-browser on my iPhone and iPad with no issues whatsoever.  In addition to the Mail app on the iPhone, I have used FastMail, Microsoft Outlook, Edison Mail, Proton Mail, and Spark as my e-mail client, all without issues.

Because phishing scams are not related to the software application being utilized, but rather the decisions that you make while using the software, you don’t need to worry about what software you are using.

Closing Thoughts

The iPhone is an incredibly secure phone, and is next to impossible to hack into.  Remember, it took one decision to let the Greeks enter the city of Troy with their Trojan horse.  In the same way, a phishing scam will only work if you grant access by providing information to the scammer.

Tim Chesonis

Tim loves writing to help people succeed. He loves tech, Linux, his iPhone and iPad. When he's not writing another article, he's probably binge-watching “The Middle” or “Breaking Bad”, (again).