Some Apple users report being targeted in “MFA bombing” attacks, in which phishers inundate their devices with alerts to approve a password change or login
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature.
Krebs on Security Brian Krebs
Related Coverage
- Apple users targeted by incredibly annoying ‘Reset Password’ attack Mashable · Stan Schroeder
- Apple customers are being targeted by “MFA Bombing” password reset attack XDA Developers · Usama Jawad
- iPhone alert issued! Apple users being targeted by phishing attack with fake password change requests Hindustan Times · Mohammad Rehan Khan
- Security alert: Apple users targeted by this threat right now Finbold · Darija Gvozderac
- Warning: Apple Users Targeted in Advanced Phishing Attack Involving Password Reset Requests MacRumors · Juli Clover
- 'I couldn't do anything else' cries iPhone owner over elaborate phishing attack that locks users out of Apple accounts The Sun
- Watch out, iPhone owners: this dangerous phishing attack could lock you out of your Apple devices TechRadar · Alex Blake
- Apple users face barrage of MFA bombing attacks Cybernews.com · Gintaras Radauskas
- Apple Users Hit by Phishing Attacks Exploiting System Glitch iPhone in Canada Blog · John Quintet
- BrianKrebs (@briankrebs@infosec.exchange) — Here's a question I really want to know the answer to … Infosec Exchange
- Apple Users Get Hit by MFA Bombing Attacks That Exploit System Glitch The Mac Observer · Ronil Thakkar
- Beware of Attacks Using Password Reset Request Notifications TidBITS · Adam Engst
- @briankrebs Apple already has that information but it isn't presented to the user during the incoming call. It is shown in Recents (see screenshot) as a checkmark but that is too late to be useful. Hopefully Apple will promote the capability to display during an incoming call as Apple gains confidence in the reliability of the carrier's verification. … @danwing@infosec.exchange
- Here's a question I really want to know the answer to: The spoofed calls are spoofing Apple's REAL customer support number as displayed on Apple's iPhone. I realize Apple isn't the phone company and doesn't technically have that relationship with the customer … @briankrebs@infosec.exchange · BrianKrebs
- Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don't Allow” to each prompt. … @briankrebs@infosec.exchange · BrianKrebs
- Recent ‘MFA Bombing’ Attacks Targeting Apple Users Hacker News
- Warning: Apple Users Targeted in Advanced Phishing Attack Involving Password Reset Requests MacRumors Forums
Discussion
-
@parth220_
Parth
on x
Last night, I was targeted for a sophisticated phishing attack on my Apple ID. This was a high effort concentrated attempt at me. Other founders are being targeted by the same group/attack, so I'm sharing what happened for visibility. 🧵 Here's how it went down:
-
@mattjay
Matt Johansen
on x
@parth220_ Check this thread where @parth220_ faced 100+ notifications across his Apple devices, a classic sign of ‘push bombing’ Despite his vigilance, the fake support call he received knew disturbingly accurate personal details.