We're hearing more and more about password reset attacks being used to target Apple iPhone users.
As Mashable reported last month, hackers are attacking iPhones via a method that inundates them with password reset prompts. These hacking campaigns have also been called MFA (multi-factor authentication) bombing or fatigue attacks.
These attacks aren't new. Reports about them online have been shared for a few years now. However, based on online discussions around them, there seems to be an uptick in cases now.
Basically, in this attack, an iPhone user is asked through dozens of notification pop-ups to reset their Apple ID password. As X user @parth220 shared in his retelling of being the target of this attack, this renders a user's iPhone inoperable unless the user chooses the "Don't Allow" option for every reset password notification.
The attack takes it up a notch in the next step. The hacker then spoofs an official Apple phone number and calls the target about the password issue, presenting themself as an Apple employee. According to KrebsOnSecurity, individuals impacted by the attack report that the malicious actor possesses personal data gleaned from the web about the target, enabling them to construct a persuasive facade as a genuine Apple employee. The hacker then attempts to use that trust to gain access to the target's phone and its data remotely.
However, iPhone users don't have to fall for this. A few outlets, such as 9to5Mac, have now put out guides on how to avoid being a successful target of an MFA bombing attack.
And here's Mashable's guide to making sure you avoid being a victim of the password reset attack.
This is an extremely important rule — and it is a tried-and-tested method to avoid getting hacked or scammed in a multitude of different attacks.
In this particular attack, the phone call from someone claiming to work at Apple is a key component to scamming their target. But take a moment to think about this. Why would Apple call you? When has Apple ever called you before on their own when you are going through real, legit technical difficulties? Never! Apple doesn't make outbound calls to users without an Apple customer calling them first and requesting a callback.
As a rule of thumb, don't trust a call you receive claiming to be from a company, even if the number checks out, because that can be spoofed. If you're worried about it being legit, hang up on the call you received, go to the company's website, and call their official number back. That way, because you initiated the call, you know you are actually connected to the real company's official number. Next, you can ask about your issue and check if they actually called you first. Very often you'll find out that they did not.
With so many scam calls, the best way to be safe is to just not answer a call from a number you're not familiar with. Let them leave a message if it's that important. Then, if they say they are from Apple in the voicemail, you can just directly call Apple's official phone number yourself to check on the supposed issue.
The password reset prompts are, at the same time, annoying and convincing. These are the same official system notifications you receive for legitimate issues.
But don't be fooled. There's a bad actor trying to use these prompts to gain access to your device. Click "Don't Allow" each and every time.
Eventually, the attacker will give up.
As 9to5Mac points out, users can also change the phone number connected to their Apple ID, which will stop these notifications.
This should really be a last resort, as this will mess with your current iPhone settings. For example, you won't be able to use features such as iMessage or FaceTime until the number is set back.
Ideally, it won't come to this. Just don't give these attackers the time of day. If they see that they are wasting their time trying to gain access to your phone, and you aren't falling for the notifications nor answering their phone calls, they will very likely move on to a new target.