Apple users are being targeted by an elaborate and annoying phishing scam that aims to change their password and lock them out of their devices, according to a new report from Krebs on Security. In some cases, the scammers have even called individuals and pretended to be Apple Support.
The scam purportedly begins with a barrage of system notifications asking the Apple user to reset their Apple ID password, Krebs on Security explained. Because the messages received are system notifications, users can’t do anything else with their phones until they approve or deny each request. The attack doesn’t end there, though.
Even if users deny all the password reset requests—one user reported receiving more than one hundred requests on X, formerly known as Twitter—scammers have an ace up their sleeves. Parth Patel, a startup founder, said he received a call from a person claiming to be from Apple Support 15 minutes after he denied all the password reset requests he received. The number they called from was Apple’s official support number, which he later confirmed was a spoof, a process by which bad actors can trick caller ID into displaying a different name or phone number.
The attackers made a led high effort focused attack on me, using OSINT data from People Data Labs and caller ID spoofing.
First, around 6:36pm yesterday all of my Apple devices started blowing up with Reset Password notifications.
Because these are Apple system level alerts,… pic.twitter.com/vX1AZvoVoN
— Parth (@parth220_) March 23, 2024
Patel states that he was still on guard after receiving the password reset requests, so he asked the purported Apple Support representative to confirm some of his data.
“They got a lot right, from DOB [date of birth], to email, to phone number, to current address, historic addresses…” Patel said on X. However, he figured out the call wasn’t really from Apple Support when the scammers got his name wrong. “Despite correctly stating all of my data, the phishers thought my name was Anthony S.”
Patel explained that the name “Anthony S” rang a bell because it matched with data on him compiled by People Data Labs, a people search website, or data broker, that compiles data on individuals from various sources and sells it. Patel said he knew the data was from People Data Labs because he had run a search for his name with them before, stating: “I distinctly remember them mixing me up with a midwestern elementary school teacher named Anthony S.”
The purported Apple Support representative proceeded to ask Patel for the one-time passcode sent to his phone, which he did not provide. Doing so or clicking allow on any of the password reset requests sent to his phone previously would have allowed the scammers to reset his password and lock him out of his devices, Krebs on Security stated. They also would have been able to delete all of Patel’s data remotely.
In his post on X, Patel said he isn’t the only one who has been on the receiving end of these phishing attacks, adding that many of his friends have been targeted, too. Krebs on Security found two more cases of people whohad been targeted by these phishing attacks.
According to Krebs on Security, the scammers appear to be exploiting a bug in Apple’s password reset feature, though that’s just a theory at this point.
When reached by Gizmodo, Apple declined to comment on the phishing attacks, instead directing Gizmodo to one of its support articles on recognizing phishing attacks.
“Scammers use fake Caller ID info to spoof phone numbers of companies like Apple and often claim that there’s suspicious activity on your account or device to get your attention,” the Apple support article reads. “If you get an unsolicited or suspicious phone call from someone claiming to be from Apple or Apple Support, just hang up.”
For the latest news, Facebook, Twitter and Instagram.