ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / ECONOMY & WORK

Think Twice Before Hitting ‘Allow’ on Your iPhone—It Could Be a Scam

The main idea of the scam is to bombard the target's phone with several push notifications in hopes that the target will press the allow option.
PUBLISHED MAR 28, 2024
Cover Image Source: iPhone Home Screen | Unsplash | Photo by Jamie Street
Cover Image Source: iPhone Home Screen | Unsplash | Photo by Jamie Street

A new Apple ID spearphishing campaign that uses "push bombing" or "MFA Bombings" has been targeting several tech professionals over the last few weeks. The core concept of the scam involves bombarding the victim's phone with numerous push notifications, commonly referred to as Multi-Factor Authentication (MFA) notifications. The aim is to induce the victim to inadvertently grant permission by selecting "Allow" instead of "Don't Allow" at least once.

Image Source: Photo by PhotoMIX Company | Pexels
Image Source: Photo by PhotoMIX Company | Pexels

Tech professional Parth Patel recently shared his encounter with a scam on X, recounting the onslaught of push notifications across all his Apple devices. These notifications suspiciously requested permission to reset his Apple ID password, raising red flags. What alarmed him most was that these notifications appeared to be "system-level notifications."

Patel found himself bombarded with over 100 push notifications. After clearing them, he received a call from a fake caller ID posing as Apple's legitimate support line, asking for an OTP sent to his phone. To his dismay, the caller possessed accurate personal details, including his date of birth and current address, obtained from a "people search" site called People Data Labs.



 

A separate report from Krebs on Security highlighted similar encounters involving cryptocurrency hedge fund owners and security industry experts. They too fell victim to the scam, emphasizing that the issue was related to their Apple accounts rather than specific devices.

"If you haven’t already, I’d highly suggest scrubbing yourself from people data aggregators such as People Data Labs, Spokeo, Pimeyes, Social Catfish, and others," Patel wrote in a follow-up post. Currently, there's no way one can avoid this scam apart from hitting "Don't Allow" every time the notification appears. 

Cover Image Source: : An Apple corporate logo | Getty Images | Gary Hershorn
Image Source: An Apple corporate logo | Getty Images | Photo by Gary Hershorn

As of now, there haven't been any public reports of individuals succumbing to the Apple ID password reset scam. However, should you inadvertently grant permission by clicking "allow" on the push notification, it could result in permanent loss of access to your iCloud account. This scenario enables a successful attacker to seize control of your photos, and contacts, and even remotely erase your device.

In a particular case mentioned by AppleInsider, a target received guidance from a senior Apple engineer to activate an Apple Recovery Key as a precautionary measure. This key, comprising a 28-character code, serves as a safeguard against the standard account recovery process, providing an avenue for future account retrieval.



 

This isn't the first time Apple has confronted such an attack. In 2019, a bug dubbed "AirDoS" emerged, enabling attackers to inundate nearby iOS devices with incessant prompts to share a file via AirDrop. The Cupertino giant eventually resolved the issue through its iOS 13.3 update.

Now, with reports circulating about the company's emphasis on integrating AI into their upcoming iOS 18, it raises curiosity about potential advancements in screening and addressing such vulnerabilities. It remains to be seen whether Apple will leverage AI to implement more effective measures for identifying and mitigating these types of security threats.

This strategic shift towards AI in iOS 18 could mark a significant step forward in fortifying Apple's ecosystem against emerging cyber threats.

MORE ON MARKET REALIST
The East Coast Wrestling Association website has inducted 'Big' Bill Page into the Hall of Fame.
7 minutes ago
Her composure and confidence in front of all those people were unwavering and commendable.
1 hour ago
The duke of Verdura had crafted a masterpiece, a pair of Maltese cross bracelets in enamel for Coco Chanel.
2 hours ago
The host was able to get the issue fixed by himself and the show went on as usual.
3 hours ago
It's not every day that a business finds four big investors from "Shark Tank" on its side.
21 hours ago
The man got support from some, but many users also called his video a gimmick.
22 hours ago
The expert told the guest that it couldn't be considered an antique but instead, it was a collectible for the future.
1 day ago
The host usually has the same look for every episode of the show so this new look excited many.
1 day ago
False advertisement is a serious crime and this consumer was smart enough to check the ingredients.
1 day ago
Usually, it's one or two contestants with shocking answers during a round but this one was wild.
1 day ago
The host took the opportunity to laugh at himself after one of the answers on the board was too relatable.
1 day ago
Mishaps can happen on any gameshow but this contestant was resilient enough to finish the game.
2 days ago
It's not easy making a quick decision with cameras on you and some big money prizes at stake.
2 days ago
A biscuit jar might not sound like an ancient artifact, but the beauty of this one was not ordinary.
2 days ago
The host wasn't offended at all and said that they were really good friends.
3 days ago
The veteran co-host has been a part of the show since 1982 and stood out for her fashion sense.
3 days ago
Carey was pleasantly surprised by the contestant who looked exactly like him.
3 days ago
Although the answer wasn't on the board, the host was quick to rebuke the family.
3 days ago
The value of the guest's whole collection was more than 10 times what she had expected.
3 days ago
Even a game show host as veteran as Steve Harvey can be proven wrong on his own show.
4 days ago