Apple users targeted by new phishing attack to reset ID password

Share via:


There are many known phishing attacks that target users of Apple devices to gain access to their Apple ID. However, a new “elaborate” attack uses a bug in the Apple ID password reset feature with “push bombing” or “MFA fatigue” techniques to flood Apple devices with password reset requests.

New phishing attack tries to convince users to reset their Apple ID password

As reported by Krebs on Security, entrepreneur Parth Patel was one of the victims of the new sophisticated phishing attack. Patel explained in a post on X that his iPhone and other Apple devices suddenly “started blowing up with Reset Password notifications.” However, since this is a system-level alert, it becomes impossible to use the device until you interact with it.

According to Patel, he was prompted by more than 100 requests to reset his Apple ID password. But the attack didn’t stop there. About 15 minutes later, the user received a call from someone spoofing the official Apple Support phone number.

“I was obviously still on guard, so I asked them to validate a ton of information about me, before answering any of their questions,” Patel said. To gain the victim’s trust, the person pretending to work for Apple Support shared multiple correct personal details, such as email, phone number, and current billing address.

Luckily, Patel was able to confirm that the call was a scam after asking the person to confirm his name. “I was tipped off that they used my data from People Data Labs in real time to validate a ton of information. Despite correctly stating all of my data, the phishers thought my name was Anthony S.”

For those unfamiliar, People Data Labs is a platform that collects and sells personal data. The platform was the target of a huge leak in 2019 that exposed around 1.2 billion records.

Never share your password reset code with others

What the attackers want is to convince the victims that something is wrong and that they need to share the code sent by Apple to reset their password. Of course, if the victim shares this code with someone else, that person can gain full access to the Apple ID.

Krebs on Security spoke to other Apple device users who were also targeted by the same phishing attack. In all cases, they were spammed with prompts to reset their Apple ID password and then received a call from fake Apple Support minutes or days later. It’s worth noting that Apple never calls users unless requested by the users themselves on its website or app.

Apple is yet to comment on the matter or release an update that prevents attackers from sending multiple password reset requests. For now, the best way to prevent attacks like this is to never share the code to reset your Apple ID password with other people.

Read also

FTC: We use income earning auto affiliate links. More.





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Apple users targeted by new phishing attack to reset ID password


There are many known phishing attacks that target users of Apple devices to gain access to their Apple ID. However, a new “elaborate” attack uses a bug in the Apple ID password reset feature with “push bombing” or “MFA fatigue” techniques to flood Apple devices with password reset requests.

New phishing attack tries to convince users to reset their Apple ID password

As reported by Krebs on Security, entrepreneur Parth Patel was one of the victims of the new sophisticated phishing attack. Patel explained in a post on X that his iPhone and other Apple devices suddenly “started blowing up with Reset Password notifications.” However, since this is a system-level alert, it becomes impossible to use the device until you interact with it.

According to Patel, he was prompted by more than 100 requests to reset his Apple ID password. But the attack didn’t stop there. About 15 minutes later, the user received a call from someone spoofing the official Apple Support phone number.

“I was obviously still on guard, so I asked them to validate a ton of information about me, before answering any of their questions,” Patel said. To gain the victim’s trust, the person pretending to work for Apple Support shared multiple correct personal details, such as email, phone number, and current billing address.

Luckily, Patel was able to confirm that the call was a scam after asking the person to confirm his name. “I was tipped off that they used my data from People Data Labs in real time to validate a ton of information. Despite correctly stating all of my data, the phishers thought my name was Anthony S.”

For those unfamiliar, People Data Labs is a platform that collects and sells personal data. The platform was the target of a huge leak in 2019 that exposed around 1.2 billion records.

Never share your password reset code with others

What the attackers want is to convince the victims that something is wrong and that they need to share the code sent by Apple to reset their password. Of course, if the victim shares this code with someone else, that person can gain full access to the Apple ID.

Krebs on Security spoke to other Apple device users who were also targeted by the same phishing attack. In all cases, they were spammed with prompts to reset their Apple ID password and then received a call from fake Apple Support minutes or days later. It’s worth noting that Apple never calls users unless requested by the users themselves on its website or app.

Apple is yet to comment on the matter or release an update that prevents attackers from sending multiple password reset requests. For now, the best way to prevent attacks like this is to never share the code to reset your Apple ID password with other people.

Read also

FTC: We use income earning auto affiliate links. More.





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

iOS 18.2 just added a faster way to message...

iOS 18.2 came packed with a lot of...

A popular technique to make AI more efficient has...

One of the most widely used techniques to...

ICAI Says Probe Into Alleged Audit Lapses At BYJU’S...

SUMMARY ICAI president Ranjeet Kumar Agarwal has revealed that...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!