NewsThe estimated reading time is 3 minutes

FBI Warning Sparks Alarms Over iMessage and RCS Vulnerabilities

henryHenry Wilson
0 Comments

A fresh cybersecurity warning is pushing iPhone and Android users to rethink how they message. And it’s not just about SMS anymore — the threats are evolving.

When the FBI says texting is dangerous, people listen. And lately, the warning signs aren’t just about old-school SMS messages. A wave of massive smishing attacks is now targeting even more modern platforms like iMessage and Google’s RCS — shaking confidence in services users thought were safer.

The issue? These platforms may not be as bulletproof as they seem. And experts say things could get worse before they get better.

Smishing Campaigns Are Blowing Up — Literally

Smishing isn’t new. But the scale is off the charts now.

According to the cybersecurity firm Resecurity, a single threat actor can pump out around 2 million smishing messages every single day. That’s up to 60 million per month. Basically, every person in the U.S. could get hit twice a year at this rate.

One sentence. That’s all it takes to lure someone into clicking a malicious link.

These scams are often dressed up as toll notices or missed delivery alerts. But now attackers are upping their game. Instead of relying solely on SMS, they’re pushing their phishing efforts onto platforms like iMessage and RCS, where people let their guard down.

woman looking at smartphone security warning

Why iMessage and RCS Are Being Targeted Now

Here’s the kicker: modern platforms offer attackers more tools. And they know it.

Unlike SMS, iMessage and RCS operate over the internet. They support richer content — think images, clickable links, smart previews. All that “rich communication” is what makes them useful — and also what makes them dangerous in the wrong hands.

  • Smishing actors are now choosing platforms with better formatting tools, engagement features, and delivery control.

But it’s not just about the format. The security gaps are harder to close.

Even though iMessage is end-to-end encrypted (when messages stay inside Apple’s ecosystem) and RCS is beginning to offer encryption (at least within Android), both still carry certain risks. Their deep integration into phone systems makes them tough to isolate or block entirely.

Sometimes messages slip past filters. And sometimes, users just don’t know what to trust.

Apple and Google Have Their Work Cut Out

The fight against messaging scams isn’t exactly a tech showdown, but Apple and Google are definitely under pressure.

Apple’s iMessage has long been seen as the “safe zone” for Apple users. It’s closed off from Android and tightly controlled. But when attackers start leveraging platform-level tools and deliver malicious messages from inside that walled garden, even Apple can’t promise perfect safety.

Google, meanwhile, has been pushing RCS hard — especially since it became the standard replacement for SMS on Android. But RCS’s encryption is still catching up. Right now, it’s mostly encrypted inside Android phones. Cross-platform? Not yet.

A Google spokesperson said last year that full encryption for cross-platform RCS was “coming soon.” That promise still hangs in the air.

What Makes These New Attacks So Hard To Stop

Attackers are adapting faster than the defenses.

They’ve figured out how to rotate phone numbers so they don’t get flagged. They can use AI to tweak messages just enough to avoid spam filters. And once messages get delivered, it’s all about tricking users with fake urgency and well-designed scams.

Filtering a few thousand messages is one thing. Filtering 2 million per day? Whole different ballgame.

Sometimes you’ll get a message that looks perfectly normal. Just a missed toll payment. A delivery issue. A security alert. But it only takes one tap for your credit card info to be stolen.

Where’s WhatsApp in All This?

As strange as it sounds, the answer might still be Meta’s WhatsApp.

WhatsApp isn’t just big — it’s massive, with more than 3 billion users worldwide. And for all its flaws, it has a consistent record of providing strong encryption by default across platforms. That matters.

Security agencies like CISA (Cybersecurity and Infrastructure Security Agency) in the U.S. have even pointed to apps like Signal as the safest alternative to SMS. But Signal’s reputation took a hit after its use in conflict zones raised concerns about its neutrality and exposure.

A lot of users — especially in the U.S. — still default to iMessage and now RCS. It’s convenient, built-in, and familiar. But convenience is the exact thing attackers love to exploit.

Here’s a quick comparison of how the main messaging platforms stack up:

What’s Next — And Why Users Should Stay On Guard

Unfortunately, this isn’t just a phase.

These threats are growing smarter, bolder, and sneakier. With new tools powered by AI, attackers can make their messages look scarily legit. And with more people using mobile wallets like Apple Pay and Google Wallet, the stakes are higher than ever.

Some experts worry that unless telco networks, tech giants, and governments start working more closely, these scams will only escalate.

Author

henry
Henry Wilson is a talented and versatile article writer who can produce high-quality content on various topics and niches. He has a knack for quick writing, as he can research, write and edit an article in less than an hour. He is also skilled in SEO, copywriting and proofreading, and knows how to optimize his articles for different platforms and audiences. He has a degree in journalism from the University of Sydney and has worked for several online publications, such as The Conversation, The Guardian and BuzzFeed. He is passionate about sharing his knowledge and opinions with the world, and always strives to deliver engaging and informative content.
Other Posts
  • Related Articles
  • More from Author

No related posts.

Leave a Reply

Your email address will not be published. Required fields are marked *