Recent ‘MFA Bombing’ Attacks Targeting Apple Users
Krebs on Security
|
Contributed by: Drex DeFord
Summary
In a recent surge of phishing activities, Apple customers have become targets of sophisticated scams exploiting what seems to be a loophole in Apple's password reset feature. The attacks manipulate device notifications to flood victims with system prompts for password approval, subsequently followed by a call from scammers posing as Apple support to "verify" the user under the guise of security measures. Instances shared by entrepreneurs Parth Patel and a cryptocurrency hedge fund owner named Chris illustrate the alarming efficiency of these scams, involving a method known as "push bombing" or "MFA fatigue" attacks to overload users with verification requests. Despite efforts to mitigate these attacks, such as the implementation of an Apple Recovery Key, these incidents highlight significant concerns regarding Apple's system security and the effectiveness of current safeguards against sophisticated phishing campaigns.
