iPhone password reset attacks are real – how to protect yourself

We're hearing more and more about password reset attacks being used to target Apple iPhone users.

As Mashable reported last month, hackers are targeting iPhones with a method that floods them with password reset prompts. These hacking campaigns are also called MFA (multi-factor authentication) bombing or fatigue attacks.

These attacks are not new. Online reports about them have been shared for a few years. However, based on the online chatter around them, things seem to have escalated now.

Basically, in this attack, an iPhone user is asked to reset their Apple ID password through dozens of notification pop-ups. As the X user @part220 shared in his recap of the attack, this leaves the user's iPhone unusable until the user selects the “Don't Allow” option for each password reset notification.

The attack steps up a notch in the next phase. The hacker then spoofs an official Apple phone number and calls the target about the password problem, posing as an Apple employee. According to Krebs on Security, victims of the attack report that the malicious actor has personal data about the target collected from the web, allowing them to create a convincing facade as a genuine Apple employee. The hacker then uses this trust to remotely access the target's phone and its data.

However, iPhone users need not fall for it. A few outlets, such as 9to5Mac, have now issued guides on how to avoid becoming a successful target of an MFA bombing attack.

And here's Mashable's guide to making sure you avoid falling victim to a password reset attack.

Avoid an iPhone password reset attack

Do not trust outbound calls

This is a very important rule—and it's a tried-and-tested way to avoid getting hacked or scammed by a number of different attacks.

In this particular attack, a phone call from someone claiming to work at Apple is a key component in tricking the target. But take a moment to think about it. Why would Apple call you? When has Apple called you on its own when you were having genuine, legitimate technical difficulties? Never! Apple does not make outbound calls to users unless an Apple user calls them first and requests a callback.

As a rule of thumb, don't trust a call you receive claiming to be from a company, even if the number checks out, because it could be a scam. If you're concerned about its legitimacy, hang up on the call you received, visit the company's website, and call their official number back. That way, because you initiated the call, you know you are connected to the official number of the actual company. After that, you can ask about your problem and check whether they called you first. Often you will find that they did not.

As with many scam calls, the best way to be safe is to not answer a call from a number you are not familiar with. If it's important, let them leave a message. Then, if they say in the voicemail that they are from Apple, you can call Apple's official phone number yourself to ask about the supposed problem.

Choose the 'Don't Allow' password reset option

The password reset prompts are both annoying and convincing. They are the same official system notifications you would receive for legitimate issues.

But don't be fooled. A bad actor is trying to use these prompts to gain access to your device. Select “Don't Allow” each time.

Eventually the attacker will give up.

Change your Apple ID phone number

As 9to5Mac points out, users can also change the phone number associated with their Apple ID, which will stop these notifications.

This should really be a last resort as it will mess with your existing iPhone settings. For example, you won't be able to use features like iMessage or FaceTime until the number is reset.

Ideally, it won't come to that. Just don't give these attackers the time of day. If they see that they're wasting their time trying to get access to your phone, and you're not falling for the notifications or answering their phone calls, they will move on to a new target.