iPhone owners are being warned of a sophisticated phishing attack that aims to lock them out of their Apple accounts. Several individuals have reported falling victim to this elaborate scheme, which involves cybercriminals bombarding devices with notifications to approve a password change. Once the user clicks ‘Allow’ in an attempt to stop the onslaught of alerts, they are hit with a fake call from scammers posing as ‘Apple Support’.
One such victim, Parth Patel, shared his experience, noting that all his Apple devices were inundated with notifications requesting a password reset. The attackers exploited a bug that allowed them to send legitimate-looking system alerts, prompting users to approve the password change. This tactic is designed to overwhelm the victim and coerce them into clicking ‘Allow’ out of sheer frustration.
Following the barrage of notifications, the scammers then place a spoof call, furthering the illusion of legitimacy by displaying the official Apple Support phone number on Caller ID. In Patel’s case, the fraudsters possessed a wealth of personal information, including his date of birth, email, phone number, and addresses. They even correctly identified this information during the call, despite mistakenly referring to him as ‘Anthony S.’
This multi-pronged phishing attack culminates in the scammers requesting the victim’s one-time password, which is typically used for account security measures. In Patel’s instance, he received a one-time Apple ID code in his iMessages, which the attackers attempted to acquire during the spoof call. Had he divulged this code, the scammers would have gained unrestricted access to his Apple ID account, potentially resulting in significant data loss and privacy violations.
It’s essential for iPhone users to exercise caution and vigilance when faced with unsolicited password change requests and suspicious calls from purported Apple representatives. Implementing two-factor authentication and refraining from sharing one-time passwords are crucial steps in safeguarding against such phishing attempts. By remaining attentive and discerning, individuals can mitigate the risk of falling prey to these increasingly sophisticated cyber threats.