Apple users are being targeted by a sophisticated phishing campaign aimed at seizing control of their Apple IDs through a method known as “push bombing” or “MFA fatigue” attack.
This method exploits the multi-factor authentication (MFA) system by inundating users with continuous notifications to approve password changes or logins. Its ultimate goal is to pilfer passwords and gain unauthorized access to personal information and devices.
Apple ID Push Bombing Attack
Entrepreneur Parth Patel recently found himself targeted by this phishing scheme, personally encountering the relentless barrage of system notifications across all his Apple devices, prompting him to approve a password reset.
These incessant prompts are not only irritating but strategically crafted to erode the victim’s resilience or catch them off guard, potentially resulting in inadvertent approval of the malicious request.
Enhancing the attack’s sophistication, phishers complement it with phone calls posing as Apple Support, employing caller ID spoofing to exhibit Apple’s authentic customer support number.
In Patel’s instance, the caller furnished precise personal details, barring his actual name, which were obtained from a people-search website notorious for inaccuracies in personal information.
This strategy bolsters the credibility of the phishing endeavor, aiming to coax victims into furnishing a one-time password sent to their device. This enables attackers to reset the Apple ID password and effectively lock out the user.
Krebs on Security, a renowned cybersecurity blog, recently documented a series of attacks directed at Apple users, referred to as “MFA Bombing.”
Chris, a cryptocurrency hedge fund owner, highlights the pivotal role of the phone number linked to Apple accounts in these attacks. Despite password changes and a new iPhone purchase, Chris persisted in receiving identical system alerts, indicating attackers exploit a vulnerability tied to the account’s phone number.
Cybersecurity enthusiast Orbs recently tweeted about the surge of “Push Bombing” attacks directed at Apple users by hackers and scammers.
Despite implementing preventive measures advised by Apple, including enabling a recovery key for his account, Ken discovered that the alerts persisted. This suggests a deeper issue within Apple’s system, allowing these password reset prompts to circumvent security enhancements.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment