Apple Users Targeted With MFA Bombing Attacks

(RTTNews) - Apple Inc. (AAPL) users have recently been facing a new and troubling threat known as multi-factor authentication or MFA bombing attacks or push notification spam.

This tactic, as described by Brian Krebs at Krebs on Security, involves a continuous stream of MFA requests being sent to users, prompting them to reset their Apple ID passwords.

By clicking "Allow," users are unwittingly allowing hackers to gain access to their Apple ID passwords and seize control of their accounts, which can affect all devices linked to the same ID. This attack strategy aims to induce panic and elicit compliant responses by sending a deluge of notifications and MFA messages to trick users into resetting their passwords.

Once this is done, attackers follow up with spoofed calls masquerading as Apple representatives, seeking sensitive information under the guise of protecting the victim's account from the ongoing attack. The ultimate goal is to acquire a one-time code to confirm a password reset or login attempt.

Parth Patel, a startup founder in the AI industry, shared his experience on X about how all of his Apple devices were bombarded with over 100 notifications requesting permission to reset his Apple password. These notifications were so urgent that they effectively locked up his devices until he addressed them. The attackers mimicked the official Apple helpline and requested an OTP that Patel had just received via text, emphasizing that it should not be shared with anyone.

Another individual reported to Krebs that they experienced similar reset notifications over several days, followed by a call claiming to be from Apple support. After hanging up and verifying with Apple directly, it was confirmed that no support issue existed.

These accounts, along with others detailed on Krebs' platform, highlight the necessity for Apple to implement restrictions on password resets or enhance access control measures. Since phone number spoofing is common, the safest action is to end the call and contact Apple support directly. Under no circumstances should a one-time code be shared with anyone, and Apple users need to take the necessary precautions to protect their accounts and devices from these insidious attacks.