Skip to main content

Watch out! Dangerous Phishing Attack Targets iPhone Users

Watch out! Dangerous Phishing Attack Targets iPhone Users
Watch out! Dangerous Phishing Attack Targets iPhone Users (Photo: Adi Fida Rahman/detikINET)

 - Users of iPhones and other Apple devices are asked to be alert to phishing attacks that are not only dangerous but also annoying. The reason is that this attack sends notifications hundreds of times, making the iPhone unusable. 

This latest phishing attack exploits a bug in the Apple ID password reset feature. Attackers use 'push bombing' or 'MFA fatigue' methods to flood Apple devices with requests to reset passwords. 

According to the Krebs on Security report, entrepreneur Parth Patel was one of the victims of this phishing attack. In his post on X, Patel explained that his iPhone and other Apple devices were suddenly flooded with notifications asking to reset the password. 

Because this notification is a system-level alert, Patel's iPhone and other Apple devices cannot be used until he allows or denies the request. Patel said he received more than 100 notifications to reset his Apple ID password. 

Not only that, about 15 minutes later Patel admitted that he received a call from someone who faked the official Apple Support telephone number and pretended to be customer service. In order for the victim to believe, the fraudster can provide Patel's personal information in sufficient detail. 

This personal information was obtained from the People Data Labs database which was leaked in 2019. Fortunately, Patel was able to find out that the phone call was a scam after the fraudster who contacted him could not confirm his name. 

"Even though I was able to state all my data correctly, the phisher thought my name was Anthony S.," said Patel, as quoted from 9to5Mac, Thursday (28/3/2024). 
The fraudster also asked Patel to share the OTP code that had just been sent. If Patel shares the OTP, the Apple ID password can be changed by fraudsters so that it cannot be accessed by the original owner and the data can be deleted remotely. 

Patel is not the only victim of this sophisticated phishing attack. A number of other iPhone users who spoke to Krebs on Security said they experienced the same thing as Patel starting with spam password reset notifications followed by phone calls from fake Apple Support. 

Please remember that Apple never contacts users first, unless requested by the user themselves via the website or application. Apple has also not commented on this issue or released an update to fix it, so users are advised not to share the OTP code for resetting the password with others. 

Comments