iPhone alert has been sent! Apple users targeted with phishing attacks over fake password change requests

Worryingly, Apple users have become the latest targets of advanced phishing attacks. The attack exploits a potential bug in Apple’s password reset feature, causing a flood of notifications or multi-factor authentication (MFA) messages to bombard users’ devices.

The attack involves tricking users into approving Apple ID password change requests. The attacker repeatedly prompts the target’s iPhone, Apple Watch, or Mac with a system-level password change approval text. The goal is to trick users into accepting the request unintentionally, or to pester them with alerts until they click the accept button. Once accepted, the attacker could gain control of the Apple ID, preventing the user from accessing their account (as reported by KrebsOnSecurity).

Because the attack is persistent, all connected Apple devices are rendered unusable until each notification is ignored individually. Parth Patel took to Twitter to reveal how horrific his experience was and how he had to delete over 100 alerts to regain control of his device.

Additionally, if the user refuses to click “Allow” on the password change notification, the attacker can make a call pretending to be an Apple representative. During these calls, victims are forced to reveal one-time passwords sent to their phone numbers, further compromising their security.

Attackers used information leaked from people-search sites to obtain users’ names, addresses and phone numbers. While the method seems complicated, it relies on accessing the email address and phone number associated with your Apple ID.

According to an analysis by KrebsOnSecurity, attackers exploited Apple’s Forgotten Apple ID Password page to bypass the system’s intended functionality. Despite the CAPTCHA functionality, attackers could still send duplicate messages to users, most likely exploiting a bug in Apple’s system.

Apple device owners are advised to be vigilant and not approve suspicious password change requests. Additionally, customers should be wary of spam calls requesting one-time password reset codes, since Apple does not make these requests over the phone.

Surja
