Conflicting advice on iPhone security after clicking scam text links

Clicking on a link CANNOT, I repeat, CANNOT add a virus or malware to an iPhone. As long as your husband didn't give anything related to his Apple Account, Password or banking information, he is fine. There are in fact NO KNOWN viruses for iPhone which aren't jailbroken. NONE.

I don't know how things work in the UK, but in the US, government agencies DON'T text Americans about unpaid fines EVER.

to install software on a Mac, you must have entered your Mac Admin Username and Password to allow it to install.

In general at this writing, an iPhone can only install things that it got from the iPhone App Store. Nothing else is allowed.

If you revealed passwords or email addresses or other items during this process, you may have compromised some of your External Accounts, but NOT the software on your iPhone.

Mrwhippet wrote:

We will do that but his default browser is Ecosia not sure if that complicates things?

It does. My suggestion would have removed the history of the links he clicked on, but won’t do anything if Safari was not used. If clearing the history seems important, see Ecosia’s method for doing so. It may not be important, but I suggested it as a simple step that may or any not be useful and won’t cause harm.

Mrwhippet wrote:

Thanks for confirming. Slightly perplexed why an advisor said that the phone was at risk! I thought a factory reset was a bit harsh.

I wouldn't lose any sleep over this. We ALL have to be super vigilant in these days of Phishing Scams, but a factory reset does seem unnecessary. The advice to clear the Browser History is a good suggestion.

Mrwhippet wrote:

I have had one advisor say that if the phone isn't jail broken then nothing nasty (viruses, malware etc) can get on the phone.

Correct!

A second advisor said that iPhone's aren't secure and it is possible that the phone is compromised and to do a factory reset and then back the phone up.

The second advisor's solution to Factory Reset would be correct for a phone that has been jailbroken. With some users not admitting to the fact that they intentionally jailbroke their device to Apple, it is in Apple's best interest to assume the worst and return the device to the default configuration which is secure. Any user can jailbreak their iPhone and more importantly anyone that has access to your device by giving them your Passcode. It cannot be done remotely, so the security of the device is on you by protecting your Passcode/Password. With a device that has not been jailbroken, it is NOT possible to install any virus by clicking those links.

On a side note, accounts are easily compromised through the method you described and that would have been the case if you chose to pay. That would then give the scammer the details about your payment method and would probably require you to enter an account number instead of using Apple Pay for a secure payment method. A Factory Reset on your device will not solve a problem of an account being compromised and the only solution to that is to contact your bank and in the case of a password that was entered, it would require that password to be changed.

One precaution you should absolutely do immediately is:

Settings > Apps > Safari (assuming that’s his browser) > Clear History & Website Data.