KrebsOnSecurity, a security news and investigation website by Brian Krebs, has highlighted a concerning trend concerning phishing attacks on Apple accounts.
The emerging phishing attacks combine several multi-factor authentication messages, paired with social engineering tactics to take over user accounts.
Parth Patel, an X user, shared his experience of being targeted by the scheme, which affected all of his Apple devices, including his phone, watch and laptop (via MacRumors).
About 15 minutes later, they call me on my number, using Caller ID spoofing of the official Apple Support phone line (1 (800) 275-2273).
They really emphasized this detail to win trust from the victim.
I was obviously still on guard, so I asked them to validate a ton of… pic.twitter.com/Xi12VzrNy5
— Parth (@parth220_) March 23, 2024
All of his devices were bombarded with Reset Password notifications, and he had to deny over 100 of them to regain control of his devices. For reference, when a reset password notification pops up, you have the option to either allow or deny. Unless one action is performed, the device essentially remains bricked.
Following the notification barrage, victims receive calls from spoofed numbers posing as Apple support. Knowing very well that the potential victim is concerned about the barrage of password reset notifications, the scammers tell the victim that their account might be compromised, and seek to extract the one-time password reset code to ‘fix’ the issue.
The sophisticated attackers obtain user names, phone numbers, and Apple IDs via data leaks. “They got a lot right, from DOB, to email, to phone number, to current address, historic addresses,” said Patel. However, the fraudsters thought Patel’s name was Anthony S., and he caught on because he had queried himself in the past on several data leaks. Additionally, the fact that Apple’s one-time password message explicitly states not to share the code with anyone confirmed Patel’s belief.
If you’re being targeted by a similar attack, do not provide any information to callers identifying as Apple. Instead, reach out to Apple support yourself and explain the situation.
Header image credit: Shutterstock
Source:@parth220_, KrebsOnSecurity Via: MacRumors
