ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / ECONOMY & WORK

Think Twice Before Hitting ‘Allow’ on Your iPhone—It Could Be a Scam

The main idea of the scam is to bombard the target's phone with several push notifications in hopes that the target will press the allow option.
PUBLISHED MAR 28, 2024
Cover Image Source: iPhone Home Screen | Unsplash | Photo by Jamie Street
Cover Image Source: iPhone Home Screen | Unsplash | Photo by Jamie Street

A new Apple ID spearphishing campaign that uses "push bombing" or "MFA Bombings" has been targeting several tech professionals over the last few weeks. The core concept of the scam involves bombarding the victim's phone with numerous push notifications, commonly referred to as Multi-Factor Authentication (MFA) notifications. The aim is to induce the victim to inadvertently grant permission by selecting "Allow" instead of "Don't Allow" at least once.

Image Source: Photo by PhotoMIX Company | Pexels
Image Source: Photo by PhotoMIX Company | Pexels

Tech professional Parth Patel recently shared his encounter with a scam on X, recounting the onslaught of push notifications across all his Apple devices. These notifications suspiciously requested permission to reset his Apple ID password, raising red flags. What alarmed him most was that these notifications appeared to be "system-level notifications."

Patel found himself bombarded with over 100 push notifications. After clearing them, he received a call from a fake caller ID posing as Apple's legitimate support line, asking for an OTP sent to his phone. To his dismay, the caller possessed accurate personal details, including his date of birth and current address, obtained from a "people search" site called People Data Labs.



 

A separate report from Krebs on Security highlighted similar encounters involving cryptocurrency hedge fund owners and security industry experts. They too fell victim to the scam, emphasizing that the issue was related to their Apple accounts rather than specific devices.

"If you haven’t already, I’d highly suggest scrubbing yourself from people data aggregators such as People Data Labs, Spokeo, Pimeyes, Social Catfish, and others," Patel wrote in a follow-up post. Currently, there's no way one can avoid this scam apart from hitting "Don't Allow" every time the notification appears. 

Cover Image Source: : An Apple corporate logo | Getty Images | Gary Hershorn
Image Source: An Apple corporate logo | Getty Images | Photo by Gary Hershorn

As of now, there haven't been any public reports of individuals succumbing to the Apple ID password reset scam. However, should you inadvertently grant permission by clicking "allow" on the push notification, it could result in permanent loss of access to your iCloud account. This scenario enables a successful attacker to seize control of your photos, and contacts, and even remotely erase your device.

In a particular case mentioned by AppleInsider, a target received guidance from a senior Apple engineer to activate an Apple Recovery Key as a precautionary measure. This key, comprising a 28-character code, serves as a safeguard against the standard account recovery process, providing an avenue for future account retrieval.



 

This isn't the first time Apple has confronted such an attack. In 2019, a bug dubbed "AirDoS" emerged, enabling attackers to inundate nearby iOS devices with incessant prompts to share a file via AirDrop. The Cupertino giant eventually resolved the issue through its iOS 13.3 update.

Now, with reports circulating about the company's emphasis on integrating AI into their upcoming iOS 18, it raises curiosity about potential advancements in screening and addressing such vulnerabilities. It remains to be seen whether Apple will leverage AI to implement more effective measures for identifying and mitigating these types of security threats.

This strategic shift towards AI in iOS 18 could mark a significant step forward in fortifying Apple's ecosystem against emerging cyber threats.

MORE ON MARKET REALIST
The co-founders of 'The Better Bedder' got the partner they were looking for in the queen of QVC.
4 hours ago
The fans did not believe that any of the prizes were as good as winning cash.
5 hours ago
The expert said that the history of the watch would at least double its value.
7 hours ago
The shark also took a jab at Kevin O'Leary and the idea of partnering with another shark.
9 hours ago
The card had a manufactuting defect but that is what made it so valuable.
1 day ago
He didn't believe he'd make any money on them and offered a ridiculously low price.
1 day ago
The contestant still managed to be in the lead after quickly learning from her mistake.
1 day ago
The guest was surprised to learn that it was by one of the top artist's of the time.
1 day ago
Despite the loss, the player called making it to the show a dream come true for her.
2 days ago
The host also poked fun at the contestant who answered for now knowing where the city was.
2 days ago
The guest ran a hard bargain, but the item was iconic enough to be worth that much money.
2 days ago
While the player, James, didn't get to play his dream game, he aced the one he got to play.
2 days ago
The best part was that a lot of those hilarious answers did appear on the board.
3 days ago
He got an expert to inspect the letter as it was too good to be true that it had landed in his shop.
3 days ago
The guest said that she often wore some of the jewels that were worth several thousands.
3 days ago
Mark Cuban described his business model as horrible, but still made an offer.
3 days ago
The expert had no idea whether the item was real without a test that could only be done in the US.
3 days ago
Harrison could have had a unique item in his store but his stubbornness cost him big time.
3 days ago
The shark had said that he was out earlier but came back in to swoop the deal away from the others.
4 days ago
The player was on a roll before she entered the bonus round and ran out of luck.
4 days ago