Apple Users Plagued by Password Reset Phishing Scams

Learn how to protect yourself from the recent surge in phishing scams targeting Apple users, involving sophisticated attempts to reset passwords and steal personal information.

In recent times, a surge in phishing attacks targeting Apple users has raised alarms across the tech community. These sophisticated scams manipulate Apple’s password reset features, overwhelming users with a barrage of notifications and multi-factor authentication (MFA) messages. This flood of prompts is designed to sow panic, making individuals more susceptible to subsequent social engineering attempts.

The essence of the scam involves an attacker triggering an onslaught of system-level password change approval notifications across all devices linked to a victim’s Apple ID. This effectively paralyzes the use of affected devices until each notification is manually dismissed. Following this, the scammers, posing as Apple through spoofed phone numbers, contact the victims. They falsely claim that the user’s account is under attack and coax them into divulging sensitive information, such as one-time codes meant for confirming password resets or login attempts.

Such attacks are not random but are based on detailed personal information likely sourced from database leaks or other illicit means. It appears the attackers require at least the email address and phone number associated with an Apple ID to commence their scheme. Further, they might also have access to the Apple ID password itself.

Security experts warn that the next phase of the attack often involves social engineering. Attackers may call the victim, with their caller ID spoofed to appear as Apple’s official support line. Using personal information scraped from data leaks or people search websites, the attackers may seem convincing. They may pressure the victim to provide a one-time password reset code, granting them full access to the account.

Research into these incidents suggests that attackers exploit Apple’s forgotten Apple ID password page, where only the user’s Apple ID email or phone number and a CAPTCHA response are needed to initiate a password reset request. This exploitation likely involves bypassing system limitations to send excessive notifications, a tactic not intended by Apple’s design.

Apple users are advised to approach unsolicited communications with skepticism, especially if they prompt urgent actions or request sensitive information. Apple’s official guidance stresses that legitimate communications from the company will never ask for personal details like Apple ID passwords, Social Security numbers, or credit card information in such a manner. To combat these phishing attempts, users are encouraged to utilize two-factor authentication and remain vigilant against unsolicited emails, messages, and phone calls pretending to offer support.

About the author

Shweta Bansal

An MA in Mass Communication from Delhi University and 7 years in tech journalism, Shweta focuses on AI and IoT. Her work, particularly on women's roles in tech, has garnered attention in both national and international tech forums. Her insightful articles, featured in leading tech publications, blend complex tech trends with engaging narratives.
