Note: This article was first published on 28 March 2024.
(Image source: KrebsOnSecurity)
Some Apple users are being targeted in an elaborate phishing attack that has been dubbed "MFA (multi-factor authentication) bombing". It takes advantage of a bug in Apple's password reset mechanism and of the fact that most people are impatient and careless.
How does the attack work?
The attack goes like this. A targeted user will be inundated with "Reset Password" notifications on their Apple devices. On your iPhone, you might see a notification like the one pictured above, which also says "Use this iPhone to reset your Apple ID password."
To dismiss the notifications, the user has to go into each and every one of them and deny the request by tapping "Don't Allow." Parth Patel shared on X that he was recently the target of such an attack and received as many as 100 such notifications.
The idea is to frustrate the user in the hope that they slip up and accidentally tap "Allow" instead of "Don't Allow." If a request is accidentally approved, the attacker can remotely change the Apple ID password and lock the user out of their account and devices.
If this doesn't work, the attacker might then call the user, posing as Apple Support. During this call, the attacker will attempt to get the user to reveal a one-time password, which can then be used by the attacker to reset the user's Apple ID and lock the user out of their account and devices.
It appears that the attack relies on simply having access to the email address and phone number that's associated with the user's Apple ID.
According to KrebsOnSecurity, these notifications are triggered through Apple's page for a forgotten Apple ID password. The form requires the user's Apple ID email and phone number; once those are filled in, it triggers the notification shown above. That said, it is unclear at this point how attackers are abusing the system to spam a user with multiple notifications in quick succession. A bug is likely being exploited.
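The failure that makes this attack work is that an unauthenticated reset form can fire an unbounded number of push prompts at the same account. The following is an added example (not code from the article or from Apple) of the control a service owner would put in front of such a prompt: a sliding-window guard that caps how many reset prompts an account can receive per window, drops the rest, and raises a one-time security alert when a burst crosses a threshold. The policy values and account names are constructed for illustration.

```python
from collections import defaultdict, deque

# Policy knobs: assumed values for the example, not Apple's real settings.
MAX_PROMPTS_PER_WINDOW = 3   # push prompts actually delivered per account per window
WINDOW_SECONDS = 600         # sliding window length in seconds
ALERT_THRESHOLD = 10         # attempts within the window that trigger a security alert


class ResetPromptGuard:
    """Rate-limits password-reset push prompts per account.

    Every reset request is recorded, but only the first MAX_PROMPTS_PER_WINDOW
    requests in a window result in a prompt being sent to the user's devices.
    Once the total number of attempts in the window reaches ALERT_THRESHOLD,
    the guard flags the account once so it can be notified out-of-band
    (e.g. an e-mail saying "someone is repeatedly trying to reset your password").
    """

    def __init__(self, max_prompts=MAX_PROMPTS_PER_WINDOW,
                 window=WINDOW_SECONDS, alert_threshold=ALERT_THRESHOLD):
        self.max_prompts = max_prompts
        self.window = window
        self.alert_threshold = alert_threshold
        self._attempts = defaultdict(deque)   # account -> timestamps of all attempts
        self._delivered = defaultdict(deque)  # account -> timestamps of prompts sent
        self._alerted = set()                 # accounts already alerted (never reset here)

    def _prune(self, timestamps, now):
        """Drop timestamps that have fallen out of the sliding window."""
        while timestamps and now - timestamps[0] >= self.window:
            timestamps.popleft()

    def request_reset(self, account, now):
        """Handle one reset request for `account` at time `now` (seconds).

        Returns (send_prompt, alert): whether a push prompt should be sent to
        the user's devices, and whether a security alert should be raised.
        """
        attempts = self._attempts[account]
        delivered = self._delivered[account]
        self._prune(attempts, now)
        self._prune(delivered, now)
        attempts.append(now)

        send_prompt = len(delivered) < self.max_prompts
        if send_prompt:
            delivered.append(now)

        alert = False
        if len(attempts) >= self.alert_threshold and account not in self._alerted:
            self._alerted.add(account)
            alert = True
        return send_prompt, alert


def simulate(events, guard=None):
    """Replay (account, timestamp) events and summarise what each account saw."""
    guard = guard or ResetPromptGuard()
    summary = defaultdict(lambda: {"attempts": 0, "prompts_sent": 0, "alerts": 0})
    for account, ts in events:
        sent, alert = guard.request_reset(account, ts)
        summary[account]["attempts"] += 1
        summary[account]["prompts_sent"] += int(sent)
        summary[account]["alerts"] += int(alert)
    return dict(summary)


# Constructed sample: one legitimate reset by alice, and 100 requests against
# victim within five minutes, mirroring the ~100 notifications described above.
SAMPLE_EVENTS = [("alice@example.com", 0.0)] + \
                [("victim@example.com", i * 3.0) for i in range(100)]

if __name__ == "__main__":
    for account, stats in simulate(SAMPLE_EVENTS).items():
        print(account, stats)
```

With the constructed sample, alice's single request is delivered normally, while the targeted account receives only three prompts out of 100 attempts and one alert is raised at the tenth attempt; the remaining 97 requests never reach the user's devices, so there is nothing to accidentally approve. A real deployment would also log the source IP of each attempt and reset the alert state when the window expires.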
What to do if you are being targeted?
Unfortunately, there is no fix for this right now. If you find yourself being targeted in this attack, calmly and patiently dismiss each notification by tapping "Don't Allow".
And if you do receive a call claiming to be from Apple Support, know that Apple does not initiate outbound calls to customers unless a customer specifically requests to be contacted. Furthermore, Apple will never ask a customer for one-time password reset codes.
Source: @parth220 (X) via KrebsOnSecurity