iOS 27 will help protect you from social engineering scams in real time — here's how

iOS 27 icon shown on an iPhone screen
(Image credit: Tom's Guide/Apple/Shutterstock)

Scams are unfortunately everywhere, and it doesn't matter how clued in you might be, you can't be vigilant 100% of the time — and it only takes one lapse in concentration for the scammers to win. Thankfully our tech is stepping in to offer some extra protection, and iOS 27 is set to make it easier to be notified if you're about to be scammed

Apple is introducing a new framework called "Trust Insights" in iOS 27, and it's designed to warn apps that you may be falling victim to a social engineering scam. The framework is designed to run "mostly on-device" with the ability to analyze “interaction patterns, timing, context, and basic sensor data.”

If the framework detects that the user may be getting coached through a scam, Trust Insights will assign a risk level (medium or high), which will allow apps to add warnings, delays or implement additional levels of verification.

Latest Videos From

That last part sounds particularly ingenious to me. Like any kind of unsolicited caller, scammers are usually working from some kind of script, as soon as things go off into unfamiliar territory they may have to start improvising. That makes their job harder, and gives users more of a chance to figure out that something isn't right.

How Trust Insights works

iOS 27 icon shown on an iPhone screen

(Image credit: Tom's Guide/Apple/Shutterstock)

The problem is that social engineering scams are much harder to automatically detect, because there's no kind of unauthorized access going on. The user is the one doing those actions, even if they're being coached by someone on the other end of a phone call. That's why the Trust Insights framework needs to be able to analyze what's going on.

Apple has confirmed that the framework doesn't look at the contents of messages, emails or photos. Instead it analyzes the behavioral signals on your devices, and then discards the underlying data before sending a single output value to an Apple server.

That value can then be combined with information on your Apple account, checking for unusual activity, before making a final decision on whether a scam may be occurring. The analysis itself will cover five key categories:

  • Payment: Including assets, content money or in-game purchases
  • Account: Updating your account details or security information
  • Resources use: Requests that involve costly or constrained infrastructure, such as AI inference
  • Communication: Sending messages. submitting forms and signing documents
  • Other: a broad category designed as a fallback for anything that doesn't fit the other four categories.

Apple did say that users can switch off Trust Insights in the settings menu, but there may be a cooldown period to stop scammers coaching users into switching it off. Which makes sense, considering that's the first thing a savvy scammer is going to ask you to do.

Obviously this is going to rely on apps implementing the framework before Trust Insights can do you much good. That said, with the rate at which scams are increasing, and how clever they are at duping even the smartest of people into handing over their money, any extra protection our devices can offer is a good thing. You can learn more about Trust Insights on the Apple Developer site.


Google News

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.


More from Tom's Guide

TOPICS
Tom Pritchard
UK Phones Editor

Tom is the Tom's Guide's UK Phones Editor, tackling the latest smartphone news and vocally expressing his opinions about upcoming features or changes. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining about how terrible his Smart TV is.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.