Apple Users Warned About Password Reset Scam


Apple users are being warned to beware of an elaborate phishing attack in which scammers use repeated password reset requests and social engineering to try to gain access to Apple ID accounts.

The attack may also involve calls from a fake phone number posing as a legitimate Apple support call.

Security journalist Brian Krebs first reported on the experience of tech entrepreneur Parth Patel, who posted on X last March about how he managed to fend off such an attack.

Patel said he believes scammers are gathering data such as email addresses and phone numbers from open-source intelligence (OSINT) and private data aggregators, then using it to spam Apple ID accounts with multi-factor authentication (MFA) password reset requests through Apple’s website.

“Because they’re Apple’s system-level alerts, they save me from my phone, watch, or computer until I click ‘Don’t Allow’ to receive over a hundred notifications,” he said.

“At this point, it occurs to me that I’m a masked person or that someone is trying to mask me.”

While tapping Allow doesn’t immediately grant access to an account, the repeated device notifications appear to be a way to alarm potential victims before scammers call them pretending to be Apple Support.

Patel wrote that he received a call that appeared to be from an Apple number, in which the caller claimed that Patel was being attacked and needed to verify a one-time password (OTP) sent to his device.

But Patel said he was “obviously on guard” and asked the caller to verify more non-public data about him before he would answer questions.

“They were given correct information, from date of birth, email, phone number, existing address, old addresses,” he said. However, they provided a name, which was a red flag.

Patel said he also reported that his data was pulled from a third-party tracking website.

He said he received a text message with a one-time password, but didn’t share it with the scammers.

Had he provided the code, the attackers could have accessed his Apple ID account and locked him out.

Other social media users have also reported being targeted.

Apple says “hang up”

The attacks have raised concerns about possible bugs in Apple’s password reset system, which appear to have allowed scammers to bombard some users with notifications to scare them into action.

Apple asks for the user’s email address or phone number and a successful CAPTCHA check to send a password reset request.

Paul Haskell-Dowland, a professor of cybersecurity at Edith Cowan University, told Information Age: “The challenge for Apple is to fix the underlying mechanism that underpins so many password reset challenges and find a way to communicate the scam to users, this does not worsen the challenge and, as a result, damages the reputation.”

Apple did not respond to a request for comment. However, the company’s site says that if users are suspicious of an unsolicited communication, “it’s safer to assume” it’s a scam and contact the company directly.

“Scammers use fake caller ID data to spoof phone numbers of corporations like Apple and pretend there’s suspicious activity on your account or device to get your attention,” Apple explains.

“Or they would possibly use flattery or threats to force you to give them information, money, and even Apple gift cards.

“If you receive an unsolicited or suspicious phone call claiming to be from Apple or Apple Support, just hang up.”

Apple says users can also set up a recovery key or recovery contact, which can help them regain access to their account if they’re locked out.

Professor Haskell-Dowland says that while users should be wary of unsolicited communications at all times, the criminals behind such scams “are very capable, motivated, and determined,” and victims can be “of any and all ages and demographics imaginable.”

“By reporting incidents, we develop the ability to block scams, crimes that need to be investigated, and at the very least the ability to prevent losses,” he says.

Tom Williams is a senior journalist at Information Age, with key interests in customer generation, synthetic intelligence, gaming, space, and cybersecurity. In the past, he was a virtual reporter at ABC News, where he covered generation and breaking news.
