If you’re receiving strange requests to reset your Apple password, beware, it may be an attempt to phishing. A new, unprecedented attack that can wreak havoc.
Several Apple users recently reported being the target of a new kind of phishing attacks. These involve what appears to be a malfunction in their Apple ID password reset procedure. But should we give in to the numerous notifications? (Spoiler: no).
Prompts to reset your Apple ID password
The attack highlighted by Path Patel and Krebson Security is rather simple: flood the user with notifications inviting them to reset their Apple account password. The latter is displayed on the victim’s iPhone, but also on their iPad, their Mac, their Apple Watch, etc.
But how do you send incessant notifications to an Apple user? Quite simply by going to the dedicated official platform, and requesting a password reset, using the victim’s email or telephone number, which we have taken care to steal beforehand.
A fairly new (and rather tiring) method
The reset request may be followed by a phone call, appearing ” official “. This is obviously not the case, and the aim of the call is only to extract a one-time code from the victim, which will allow the scammers to take possession of the user’s account.
“ Some people may end up clicking “Allow” when faced with incessant password reset prompts, if only to be able to use their phone again “, explains Path Patel. So be wary.
This is explained by Path Patel, who indicates that he was contacted by Apple after refusing all notifications on his iPhone. Once the account is in the possession of hackers, they can demand a ransom to recover it and/or delete it permanently.
Source : Krebson Security
0