iPhone users getting password reset notification, here is what you can do if you receive it too

Apple users are currently facing the threat of a new online scam designed to hijack personal data. This scam specifically targets iPhone users by exploiting the Apple ID password reset system. Scammers deluge victims with seemingly authentic prompts on their devices, urging them to reset their passwords. Known as "MFA bombing" or "push bombing," this tactic seeks to deceive users into giving up control of their accounts.

The scam unfolds systematically. Initially, victims receive emails or messages that mimic official Apple communications, alerting them to security threats and demanding immediate action. The sense of urgency induces panic, compelling users to click on the provided link. Clicking the link redirects them to a sophisticated fake Apple website, where they are duped into entering their login details, thereby surrendering their accounts to the scammers.

The deception, however, does not end there. Some victims have reported a continuous barrage of password reset notifications on their Apple devices. These alerts can render the device unusable until addressed, thereby heightening the user's anxiety. Exploiting this anxiety, scammers often make phone calls while posing as Apple support. By leveraging stolen personal information to enhance their believability, they attempt to persuade the victim into revealing a one-time code sent to their device. Acquiring this code allows the scammers to change the password and gain complete control over the Apple ID, potentially leading to data theft or the locking out of the device.

While the concern is serious, users can still prevent any mishap from happening. Here are some safety tips to protect yourself from iPhone password reset attacks.

How to protect yourself from iPhone password reset attacks

1. Don't be fooled by constant prompts: The sheer volume of prompts is a key tactic attackers use to wear users down. Remember, even though these prompts come from your iPhone itself, they are triggered by malicious activity. Always choose "Don't Allow" for every single reset request.
2. Resist the urge to answer calls: Attackers may use call spoofing to make their incoming number appear as legitimate Apple Support. They might even attempt to verify personal information, further adding to the scam's legitimacy. If you receive a call about your Apple ID password reset, even if the caller ID seems real, don't answer. Instead, directly call Apple Support at 1-800-275-2273 (US) to verify any concerns. Remember, Apple will never initiate outbound calls unless you explicitly request them to do so. Most importantly, never share any one-time passcodes (OTPs) with anyone.
3. Consider temporarily changing your phone number: If the password reset prompts continue relentlessly, changing the phone number associated with your Apple ID might be a temporary solution. However, this step can disrupt essential services like iMessage and FaceTime.

Is Apple addressing the issue?

While some advise activating the Recovery Key feature as a solution, experts at Krebs on Security have confirmed this does not stop the reset prompts. However, Apple has acknowledged the issue. According to 9to5Mac, an Apple spokesperson confirmed the company is aware of these recent phishing attacks and is actively working to address the problem.

However, up until Apple fully resolves this vulnerability, iPhone users should remain vigilant. Remember, it's always safer to decline reset requests and contact Apple directly if you have any concerns.