Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Apple Users

Showing Original Post only (View all)

hlthe2b

(102,667 posts)
Wed Mar 27, 2024, 04:29 PM Mar 27

New password reset attack targets Apple device users - what to do if it happens to you (ZD-Net) [View all]

Please don't be a victim.... I tried to include the most important bits of the article, but best to read the full link

https://www.msn.com/en-us/money/other/new-password-reset-attack-targets-apple-device-users-what-to-do-if-it-happens-to-you/ar-BB1kE7xL?ocid=msedgdhp&pc=LSJS&cvid=7de468e2bbaf46ba95eecde51e45da20&ei=12

Apple device owners are facing a new phishing hack that uses "multi-factor authentication (MFA) bombing" to steal their data.

Several Apple users in recent days have reported a hacking attempt that appears to take advantage of Apple's password reset feature, KrebsOnSecurity reported, citing people who have been targeted. The scammers have used Apple's password reset tool to spam their targets with dozens, if not hundreds, of notifications, asking the user to reset their Apple ID password. Pressing the "Allow" option gets the scammers one step closer to resetting the user's credentials because that device could then be used to create a new Apple ID password. Unfortunately, tapping "Don't Allow" on all the notifications doesn't solve the problem.

After those targeted by the scam chose to not allow their passwords to be reset, they received phone calls from the scammers claiming they were from Apple's support team, according to the report. Their goal was to send a password reset code to the user's device and have the user tell them the code. Armed with that information, the scammers could simply reset the Apple ID password and get full access to the user's account.
--snip--

For now, if you're an Apple user, your only option is to stay in the know and remain vigilant. If you receive a slew of password reset requests that you didn't initiate, be sure to always choose the "Don't Allow" option on the notifications. Don't be tempted to choose "Allow" simply because the notifications aren't allowing you to use other apps or services on your device -- a core component in the fraudsters' plan. Even if you don't choose "Allow," be prepared for a call and be sure not to answer it.

Additionally, Apple has made it clear that the company does not call any of its users directly. So, if you receive a number from 1-800-275-2273 (Apple's actual support line that the scammers are spoofing to make their calls seem legitimate), don't pick up and definitely don't provide any information to the caller.
16 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Latest Discussions»Culture Forums»Apple Users»New password reset attack...»Reply #0