Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

bigbøss

macrumors newbie
Original poster
Nov 6, 2024
2
0
A few days ago I was trying to watch some sport streams on my iPhone from a less than legitimate source. I click on a stream link and as per usual I get bumped to a new tab so that I can be bombarded with ads. True to the nature of the site I’m using I get hit with similarly sketchy ads but, this particular ad page was dodgier than usual with many pop-up and alerts. At the exact same time as the webpage loads I got a text message, not an iMessage, trying to phish details from the website that citizens of my country use for interacting with federal government programs (welfare, taxation etc). The timing was so exact that I have no doubt that the website was the cause and now I’m also starting to get spam calls as well.

I didn’t click anything when the ad page loaded up, and I never provided my phone number to any of the sites mentioned. So I’m curious as to how they got my number to send me the phishing text. Is it possible for a website to get your phone number via a safari API. Did the website exploit a previously unknown zeroday? Or maybe ad network fingerprinting is so advanced that they could just combine the ad profile they (likely) have on me with a number they got from another source? What do you guys think?

PS: I was using an iPhone 16PM on iOS 18.0.1. I restarted my phone after this occurred, and I absolutely did not interact with the phishing text.
 
Yes a website can and it is all to do with cookies. A website cookie can grab all sorts of information if the user allows it. What I mean by this is that websites are supposed to display a popup requesting the user to agree to the use of cookies. Not all websites do this though, especially less than legitimate websites. Such websites can grab your IP number, your email address, what web browser you are using, your mobile phone number, you location data. This less than legitimate websites will have partners, partners who will be given the cookie info off the less than legitimate website. Your mobile phone number will now be in the hands of a few hundred possible thousand dodgy websites and unscrupulous people.
 
Yes a website can and it is all to do with cookies. A website cookie can grab all sorts of information if the user allows it. What I mean by this is that websites are supposed to display a popup requesting the user to agree to the use of cookies. Not all websites do this though, especially less than legitimate websites. Such websites can grab your IP number, your email address, what web browser you are using, your mobile phone number, you location data. This less than legitimate websites will have partners, partners who will be given the cookie info off the less than legitimate website. Your mobile phone number will now be in the hands of a few hundred possible thousand dodgy websites and unscrupulous people.
Ah well. It sucks but at least my phone wasn’t hit with some weird zero day.
 
Yes a website can and it is all to do with cookies. A website cookie can grab all sorts of information if the user allows it. What I mean by this is that websites are supposed to display a popup requesting the user to agree to the use of cookies. Not all websites do this though, especially less than legitimate websites. Such websites can grab your IP number, your email address, what web browser you are using, your mobile phone number, you location data. This less than legitimate websites will have partners, partners who will be given the cookie info off the less than legitimate website. Your mobile phone number will now be in the hands of a few hundred possible thousand dodgy websites and unscrupulous people.
No, the only information that a website can get is the basic information that a browser will reveal: ip address, browser type and version, fonts, screen size, and some other similar information. Not your email address, phone number, or direct location information (unless you approve location access). Cookies are just simple files that a website can ask the browser to store and that return to the website the next time you come back.

That website could using some of that basic information to match you up with information collected by another website. If you have provided your phone number to the other website and it is willing to share that, then other websites could get that information.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.