iPhone warning issued! Apple users are targeted by a phishing attack with fake password change requests


Apple users have become the latest targets of a sophisticated phishing attack. The attack leverages a potential bug in Apple's password reset functionality that could result in users' devices being flooded with notifications or multi-factor authentication (MFA) messages.

An iPhone warning has been issued

The attack involves tricking users into accepting an Apple ID password change request. An attacker repeatedly prompts the target's iPhone, Apple Watch, or Mac with system-level password change confirmation texts. The goal is either to trick the user into accepting the request or to pester them with warnings until they click the accept button. Once the request is approved, the attacker gains control of the Apple ID and prevents the user from accessing their account, as reported by KrebsOnSecurity.

Because the attack is continuous, all connected Apple devices are unusable until each notice is dismissed separately. Parth Patel took to Twitter to reveal how terrifying his experience was and how he had to delete more than 100 alerts to regain control over his gadgets.

Additionally, if the user resists clicking “Allow” on password change notifications, the attackers resort to phone calls posing as Apple representatives. During these calls, victims are forced to reveal a one-time password sent to their phone number, further compromising their security.

Attackers exploit information leaked from people search websites, gaining access to users' names, addresses and phone numbers. Although the method sounds advanced, it relies on having access to the email address and phone number associated with the Apple ID.

According to KrebsOnSecurity's analysis, attackers bypass the system's intended functionality by exploiting Apple's Forgotten Apple ID password page. Despite the CAPTCHA function on that page, attackers are able to send repeated messages to users by exploiting a bug in Apple's system.

Apple device owners are advised to be vigilant and not accept suspicious password change requests. Additionally, since Apple does not make these requests over the phone, users should be wary of unsolicited phone calls asking for one-time password reset codes.


