
Apple Users Warned of Advanced Phishing Attack Involving Password Reset Requests

Apple users are being targeted by a new attack that abuses the Apple ID password reset flow. According to a recent report from KrebsOnSecurity, attackers are exploiting an apparent weakness in Apple's password reset feature to push a flood of genuine "Reset Password" prompts to a victim's devices. The attacker bombards the target with a never-ending stream of system prompts or multi-factor authentication messages, hoping that the overwhelmed user will either approve the password change by mistake or simply tap "Allow" to make the notifications stop. If that happens, the attacker can set a new password, take over the Apple ID and lock the owner out of their own account. This is sometimes called "MFA bombing" or "push bombing"; the phone call that often follows is classic phishing. Below we explain how the attack works and how to stay safe.


Background Information

Attacks that abuse the Apple ID password reset flow have recently been reported by several Apple users. They take advantage of an apparent flaw in Apple's password reset feature, causing the victim to receive an endless stream of password reset prompts or multi-factor authentication (MFA) messages on every device signed in to their Apple ID. The goal is to get the user to approve an Apple ID password change that the attacker initiated. Because the prompts are real Apple prompts rather than forgeries, they pose a significant threat even to cautious users.

Attack Method

The core technique is volume. The attacker repeatedly triggers Apple's password reset flow for the victim's account, so the victim's devices are bombarded with a continuous stream of system-level "Reset Password" prompts or MFA messages. These are not fake messages: they are the same approval dialogs Apple shows during a legitimate reset, each with an "Allow" and a "Don't Allow" button. The attacker is betting that the user will inadvertently tap "Allow", or will become frustrated enough by the barrage to tap it just to make the prompts stop. A single approval is enough: the attacker, sitting on Apple's reset page, can then set a new Apple ID password and lock the legitimate user out of the account.


Affected Devices

Any device signed in to the targeted Apple ID is affected, including iPhones, Apple Watches and Macs. Because the reset request targets the Apple ID rather than a single device, the prompt appears on all connected devices at once, and each device stays effectively unusable until the user dismisses the prompts on it one by one.


Consequences of Approval

If the user approves the password change request, even by accident, the consequences can be severe. The attacker sets a new Apple ID password, effectively locking the owner out of the account and out of everything tied to it: iCloud data, backups, Find My, payment details and any service that uses Sign in with Apple. Recovering the account after a takeover is difficult and requires going through Apple's account recovery process, which can take days.


Notification Popups

The attack relies on notification popups that appear on all connected Apple devices and that block normal use until each one is dismissed. The barrage can be overwhelming: Parth Patel, who described the attack on X (formerly Twitter), reported having to dismiss more than 100 prompts before he could use his devices again.

User Experience

Patel's account shows the practical effect of the attack. With his devices bombarded by repeated prompts, he could not use them until he had manually dismissed every one, and each dismissal was another chance to hit the wrong button. Beyond the lost productivity, this is exactly the pressure the attacker is counting on, which is why Apple users need to recognise the pattern and know in advance how to respond.

Phone Calls from Attackers

When the prompts alone do not get the user to tap "Allow", the attackers follow up with a phone call posing as Apple Support; in Patel's case the caller ID was spoofed to show Apple's official support number. The caller claims the victim's account is under attack and offers to "help", then tries to get the victim to read back the one-time password reset code that Apple sends to the phone number on the account. That code is the last step the attacker needs to complete the reset. Apple does not call users to ask for password reset codes, and the code's own text message says not to share it with anyone, so any such call should be treated as fraudulent and hung up on.

Attacker’s Information Source

In Patel's case, the attacker had obtained his personal information from a people-search website, including his name, current address, past address and phone number. That was enough to walk through Apple's reset flow and to make the follow-up phone call sound plausible. The attacker still made mistakes, however: they got Patel's name wrong, and they asked for the one-time code that Apple's own message explicitly warns users never to share.


Exploiting Apple’s Forgotten Apple ID Password Page

The attackers appear to drive the prompts through Apple's "Forgot Apple ID password" page. The page asks for the Apple ID email address or phone number and then requires a CAPTCHA. Entering an email address reveals the last two digits of the phone number associated with the account; once the requester fills in the remaining digits and submits the form, a system-level reset prompt is pushed to every device signed in to that Apple ID.

The attackers' ability to send well over a hundred prompts to one account in a short period suggests they are exploiting a bug rather than intended behaviour; it is unlikely that Apple's system is designed to let a single account receive that many reset requests. Whatever the mechanism, the practical effect is that the rate limit that should cap reset prompts per account is being bypassed, and a CAPTCHA on each request does nothing to stop it if the limit is enforced per request rather than per target account.
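To make the missing control concrete, here is an added example of the server-side check whose absence or bypass the article describes. This is illustrative Python, not Apple's code: the limits, the account and client keys, and the constructed attack scenario are all assumptions. The point it demonstrates is that the cap has to be keyed on the target account, because an attacker can rotate source IPs and solve a CAPTCHA per request.

```python
"""Sliding-window rate limiter for password-reset push prompts.

Added example, not Apple's implementation. Limits and names are
hypothetical; the scenario at the bottom is constructed for illustration.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Optional, Tuple
import time


@dataclass
class PromptRateLimiter:
    # Hypothetical policy: at most `max_per_account` prompts per target
    # account in any `window_s` second window, regardless of who asks.
    max_per_account: int = 3
    # A secondary, weaker cap per requesting client (IP, session, etc.).
    max_per_client: int = 10
    window_s: float = 3600.0
    # Timestamps of prompts actually sent, keyed by account and by client.
    _by_account: Dict[str, Deque[float]] = field(default_factory=dict)
    _by_client: Dict[str, Deque[float]] = field(default_factory=dict)

    def _prune(self, q: Deque[float], now: float) -> None:
        # Drop timestamps that have aged out of the sliding window.
        while q and now - q[0] >= self.window_s:
            q.popleft()

    def allow_prompt(self, account_id: str, client_id: str,
                     now: Optional[float] = None) -> bool:
        """Return True if a reset prompt may be pushed to `account_id` now.

        The account-level check runs first and is the one that matters:
        it holds even when every request comes from a different client.
        """
        now = time.monotonic() if now is None else now
        acct = self._by_account.setdefault(account_id, deque())
        cli = self._by_client.setdefault(client_id, deque())
        self._prune(acct, now)
        self._prune(cli, now)
        if len(acct) >= self.max_per_account:
            return False
        if len(cli) >= self.max_per_client:
            return False
        acct.append(now)
        cli.append(now)
        return True


def simulate_push_bombing(attempts: int = 120, spacing_s: float = 0.5,
                          limiter: Optional[PromptRateLimiter] = None) -> Tuple[int, int]:
    """Constructed scenario: one attacker submits `attempts` reset requests
    for a single victim account, rotating the source IP on every request
    (TEST-NET-3 addresses) to defeat any per-client limit.

    Returns (prompts_delivered, prompts_blocked).
    """
    limiter = limiter or PromptRateLimiter()
    victim = "victim@example.com"          # constructed account id
    delivered = blocked = 0
    for i in range(attempts):
        client_ip = f"203.0.113.{i % 254 + 1}"
        if limiter.allow_prompt(victim, client_ip, now=i * spacing_s):
            delivered += 1
        else:
            blocked += 1
    return delivered, blocked


if __name__ == "__main__":
    sent, dropped = simulate_push_bombing()
    print(f"delivered={sent} blocked={dropped}")
```

Only the first three prompts in the constructed run reach the victim; the remaining 117 are dropped even though no two requests share a source address. In a real deployment the count of blocked requests per account is itself a useful signal: a burst of denied resets is exactly the pattern worth alerting the account owner about.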

Protective Measures

To protect yourself, the single most important rule is simple: when a "Reset Password" prompt appears that you did not request, tap "Don't Allow", every time, no matter how many of them there are. Receiving the prompts does not by itself mean your account is compromised; the attacker gets nothing unless you approve one. Second, never read a password reset code or verification code to anyone over the phone. Apple does not call users to ask for these codes, so a call claiming to be from Apple Support that asks for one is a scam even if the caller ID looks right. Hang up and, if you are worried, contact Apple yourself through the support options in Settings or on apple.com.

It also helps to limit how much of your personal information is available to attackers. The reset flow needs only the email address and phone number tied to your Apple ID, and the follow-up call is more convincing when the caller knows your name and address. Review what people-search sites and social profiles publish about you, use their opt-out processes where they exist, and avoid using a widely known email address or phone number as your Apple ID contact details where you can.

Knowing what the attack looks like is most of the defence. If your devices suddenly fill with reset prompts, decline each one, ignore any call that follows, and never share a code.