Several Apple iPhone users are reportedly getting dozens of system-level password reset requests on their devices as part of a new, sophisticated phishing scam dubbed 'MFA Bombing'. These prompts may prevent those affected from using their devices until they respond to each prompt.

According to a blog post by Krebs on Security, the phishing attack may be using a bug in Apple's password reset feature to send several prompts to users. If you accidentally press the 'Allow' button or have managed to deny all password reset requests, the scammers might then call you, spoofing Apple's official support number. Acting as Apple Support representatives, they tell users their account is under attack and that they need to verify themselves by sharing a one-time code. If you share it, the scammers will be able to log you out of all your Apple devices and even remotely wipe them.

"Last night, I was targeted for a sophisticated phishing attack on my Apple ID. This was a high effort concentrated attempt at me. Other founders are being targeted by the same group/attack, so I’m sharing what happened for visibility. 🧵 Here’s how it went down:" — Parth (@parth220_) March 23, 2024

According to a recent post on X by Parth Patel, the scammers asked him to share the one-time code. He promptly refused and instead asked the fake Apple representative to verify personal information such as his current address, historic addresses, email, phone number and date of birth. Patel says that even though the scammer managed to get most of the information right, he found out that the call was fake after the scammers referred to him as an Anthony S.

How do I protect myself from MFA Bombing?

Since the password reset requests come in the form of system-level notifications, there is currently no way to deal with them except to press the 'Don't Allow' button every time one pops up.

In case you happen to press 'Allow' and the attackers ask for the one-time code over a call, you can tell them that you will call them back on the official Apple support number. Also, no official Apple representative will tell the user their personal information to verify themselves, so if the person on the other end of the line does, they are likely spoofing the official Apple support number.

Another thing you can do to protect yourself from such attacks is enable the 'Apple Recovery Key' option, which uses a lengthy passcode that prevents attackers from resetting your Apple account password.