iPhone alert issued! Apple users being targeted by phishing attack with fake password change requests
Apple users are facing a sophisticated phishing attack exploiting a potential bug in the password reset feature.
In a concerning development, Apple users have become the latest targets of an advanced phishing attack. The attack leverages a potential bug in Apple's password reset functionality, resulting in a barrage of notifications or multi-factor authentication (MFA) messages bombarding users' devices.
iPhone alert issued
The attack involves tricking users into approving an Apple ID password change request. The attacker repeatedly prompts the target's iPhone, Apple Watch, or Mac with system-level password change approval texts. The goal is to trick the user into unintentionally accepting the request or to keep pestering them with alerts until they click the accept button. The attacker obtains control of the Apple ID upon acceptance, therefore preventing the user from accessing their account as reported by KrebsOnSecurity.
Also read: Apple WWDC 2024 set to kick off on June 10 at Apple Park; advancements in iOS, macOS confirmed
Because the attack is persistent, all connected Apple devices cannot be used until each notice is ignored separately. Parth Patel revealed on Twitter how terrifying his experience was and how he had to delete more than 100 alerts to regain control of his gadgets.
Furthermore, attackers resort to phone calls posing as Apple representatives if the user resists clicking "Allow" on the password change notifications. During these calls, victims are forced into revealing the one-time password sent to their phone number, further compromising their security.
The attackers exploit information leaked from people's search websites, gaining access to users' names, addresses, and phone numbers. While the method seems sophisticated, it relies on having access to the email address and phone number associated with the Apple ID.
According to KrebsOnSecurity's analysis, attackers bypass the intended functioning of the system by taking advantage of Apple's forgotten Apple ID password page. Attackers can send users repeated messages despite the CAPTCHA function, most likely by taking advantage of a bug in Apple's system.
Apple device owners are advised to be vigilant and refrain from approving suspicious password change requests. Additionally, as Apple does not make these requests over the phone, customers should be cautious of unwanted phone calls asking for one-time password reset codes.
Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.