iPhone alert issued! Apple users being targeted by phishing attack with fake password change requests

Apple users are facing a sophisticated phishing attack exploiting a potential bug in the password reset feature.

By: MOHAMMAD REHAN KHAN
| Updated on: Mar 28 2024, 15:18 IST
Apple phishing attack
Attackers exploit a potential bug in Apple's system, aiming to compromise user accounts through deceptive tactics. (REUTERS)

In a concerning development, Apple users have become the latest targets of an advanced phishing attack. The attack leverages a potential bug in Apple's password reset functionality, resulting in a barrage of notifications or multi-factor authentication (MFA) messages bombarding users' devices.

iPhone alert issued

The attack involves tricking users into approving an Apple ID password change request. The attacker repeatedly prompts the target's iPhone, Apple Watch, or Mac with system-level password change approval texts. The goal is to trick the user into unintentionally accepting the request or to keep pestering them with alerts until they click the accept button. The attacker obtains control of the Apple ID upon acceptance, therefore preventing the user from accessing their account as reported by KrebsOnSecurity.

You may be interested in

MobilesTablets Laptops
4% OFF
Apple iPhone 15 Pro Max 1TB
  • Black Titanium
  • 8 GB RAM
  • 1 TB Storage
5% OFF
Apple iPhone 15 Pro
  • Black Titanium
  • 8 GB RAM
  • 128 GB Storage
11% OFF
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage
13% OFF
Apple iPhone 13
  • Blue
  • 4 GB RAM
  • 128 GB Storage

Also read: Apple WWDC 2024 set to kick off on June 10 at Apple Park; advancements in iOS, macOS confirmed

Because the attack is persistent, all connected Apple devices cannot be used until each notice is ignored separately. Parth Patel revealed on Twitter how terrifying his experience was and how he had to delete more than 100 alerts to regain control of his gadgets.

Also read
Looking for a smartphone? To check mobile finder click here.

Furthermore, attackers resort to phone calls posing as Apple representatives if the user resists clicking "Allow" on the password change notifications. During these calls, victims are forced into revealing the one-time password sent to their phone number, further compromising their security.

The attackers exploit information leaked from people's search websites, gaining access to users' names, addresses, and phone numbers. While the method seems sophisticated, it relies on having access to the email address and phone number associated with the Apple ID.

According to KrebsOnSecurity's analysis, attackers bypass the intended functioning of the system by taking advantage of Apple's forgotten Apple ID password page. Attackers can send users repeated messages despite the CAPTCHA function, most likely by taking advantage of a bug in Apple's system.

Apple device owners are advised to be vigilant and refrain from approving suspicious password change requests. Additionally, as Apple does not make these requests over the phone, customers should be cautious of unwanted phone calls asking for one-time password reset codes.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 27 Mar, 17:01 IST
Tags:
NEXT ARTICLE BEGINS