Phishing alert
This is how Apple customers can currently protect themselves
A new scam is targeting Apple customers. What the push notification bombardment means and how to protect yourself.
The scam
The scammers’ tactic is to use the Apple ID reset form to send their fraudulent requests. All they need is the victim’s email address and phone number. Since the Apple ID is used on all linked devices, every one of those devices receives all the notifications and becomes temporarily unusable. Each of these requests must be rejected individually.
The scammers hope that their victims will accept one of these requests. Failing that, they move on to the next step and contact the victims by phone, posing as Apple employees who have been informed of the attacks. They then request a one-time password, which is used to reset the password.
Call from Apple Support? Apple says “Just hang up”
If a request is accepted or the one-time password is shared, the attackers can block access to the Apple account, access stored data and remotely wipe the devices. It appears that the scammers are exploiting a vulnerability in Apple’s system. How exactly they manage to send so many reset requests is currently unclear.
To protect themselves, Apple users should decline all requests and not provide any personal information over the phone until the issue is resolved, as legitimate Apple employees would never ask for a one-time password. In its phishing guide, Apple itself advises simply hanging up on calls from alleged Apple employees. The company also offers a system for reporting phishing attacks and suspicious FaceTime calls. In Germany, the consumer advice center also provides a phishing radar where you can report the attacks.