ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / ECONOMY & WORK

Think Twice Before Hitting ‘Allow’ on Your iPhone—It Could Be a Scam

The main idea of the scam is to bombard the target's phone with several push notifications in hopes that the target will press the allow option.
PUBLISHED MAR 28, 2024
Cover Image Source: iPhone Home Screen | Unsplash | Photo by Jamie Street
Cover Image Source: iPhone Home Screen | Unsplash | Photo by Jamie Street

A new Apple ID spearphishing campaign that uses "push bombing" or "MFA Bombings" has been targeting several tech professionals over the last few weeks. The core concept of the scam involves bombarding the victim's phone with numerous push notifications, commonly referred to as Multi-Factor Authentication (MFA) notifications. The aim is to induce the victim to inadvertently grant permission by selecting "Allow" instead of "Don't Allow" at least once.

Image Source: Photo by PhotoMIX Company | Pexels
Image Source: Photo by PhotoMIX Company | Pexels

Tech professional Parth Patel recently shared his encounter with a scam on X, recounting the onslaught of push notifications across all his Apple devices. These notifications suspiciously requested permission to reset his Apple ID password, raising red flags. What alarmed him most was that these notifications appeared to be "system-level notifications."

Patel found himself bombarded with over 100 push notifications. After clearing them, he received a call from a fake caller ID posing as Apple's legitimate support line, asking for an OTP sent to his phone. To his dismay, the caller possessed accurate personal details, including his date of birth and current address, obtained from a "people search" site called People Data Labs.



 

A separate report from Krebs on Security highlighted similar encounters involving cryptocurrency hedge fund owners and security industry experts. They too fell victim to the scam, emphasizing that the issue was related to their Apple accounts rather than specific devices.

"If you haven’t already, I’d highly suggest scrubbing yourself from people data aggregators such as People Data Labs, Spokeo, Pimeyes, Social Catfish, and others," Patel wrote in a follow-up post. Currently, there's no way one can avoid this scam apart from hitting "Don't Allow" every time the notification appears. 

Cover Image Source: : An Apple corporate logo | Getty Images | Gary Hershorn
Image Source: An Apple corporate logo | Getty Images | Photo by Gary Hershorn

As of now, there haven't been any public reports of individuals succumbing to the Apple ID password reset scam. However, should you inadvertently grant permission by clicking "allow" on the push notification, it could result in permanent loss of access to your iCloud account. This scenario enables a successful attacker to seize control of your photos, and contacts, and even remotely erase your device.

In a particular case mentioned by AppleInsider, a target received guidance from a senior Apple engineer to activate an Apple Recovery Key as a precautionary measure. This key, comprising a 28-character code, serves as a safeguard against the standard account recovery process, providing an avenue for future account retrieval.



 

This isn't the first time Apple has confronted such an attack. In 2019, a bug dubbed "AirDoS" emerged, enabling attackers to inundate nearby iOS devices with incessant prompts to share a file via AirDrop. The Cupertino giant eventually resolved the issue through its iOS 13.3 update.

Now, with reports circulating about the company's emphasis on integrating AI into their upcoming iOS 18, it raises curiosity about potential advancements in screening and addressing such vulnerabilities. It remains to be seen whether Apple will leverage AI to implement more effective measures for identifying and mitigating these types of security threats.

This strategic shift towards AI in iOS 18 could mark a significant step forward in fortifying Apple's ecosystem against emerging cyber threats.

MORE ON MARKET REALIST
Jennings is loved by fans of the show ever since he became one of its most dominant contestants.
10 hours ago
The founder didn't budge even an inch from the valuation that she found to be accurate.
11 hours ago
The player later confessed that he went blank and gave the wrong answer.
14 hours ago
She had no idea who the painter was and what it might be worth, so her shock was understandable.
15 hours ago
She knew the answer long before the timer started ticking down and won a massive chunk of money.
16 hours ago
The contestant made several errors while playing one of the show's most time-sensitive games.
1 day ago
Ari Siegel started 'History by Mail' in 2019 after witnessing a powerful historic document in the Library of Congress.
1 day ago
Her name isn't usually mentioned on the show for obvious reasons, so this was a rarity.
1 day ago
The car was an infamous piece of hip-hop history and could fetch big money at auctions.
1 day ago
The iconic action movie had a dialogue that had a reference to the show popular back then as well.
1 day ago
Cuban kept resisting a joint deal, but then all other sharks decided to give him a higher share.
1 day ago
The insider account contradicts a statement that Bialik had released regarding her exit.
1 day ago
Seacrest took the opportunity to congratulate the second-time 'honeymooners' with a risqué joke. 
2 days ago
The duo has expanded their business with more product lines since they gained exposure.
2 days ago
This information could help a lot of contestants do well on "The Price is Right" but there's a risk.
2 days ago
The contestant was doing it in her heels and Seacrest was at first surprised.
2 days ago
Jennings couldn't keep his thoughts in after listening to the contestant's story.
3 days ago
The woman wasn't the only one who had made such an alarming discovery.
3 days ago
The competitor was able to make a comeback and walk out as the champion, which is impressive.
3 days ago
The show sees several valuable items whenever it films, and their safety is absolutely imperative.
3 days ago