ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / ECONOMY & WORK

Think Twice Before Hitting ‘Allow’ on Your iPhone—It Could Be a Scam

The main idea of the scam is to bombard the target's phone with several push notifications in hopes that the target will press the allow option.
PUBLISHED MAR 28, 2024
Cover Image Source: iPhone Home Screen | Unsplash | Photo by Jamie Street
Cover Image Source: iPhone Home Screen | Unsplash | Photo by Jamie Street

A new Apple ID spearphishing campaign that uses "push bombing" or "MFA Bombings" has been targeting several tech professionals over the last few weeks. The core concept of the scam involves bombarding the victim's phone with numerous push notifications, commonly referred to as Multi-Factor Authentication (MFA) notifications. The aim is to induce the victim to inadvertently grant permission by selecting "Allow" instead of "Don't Allow" at least once.

Image Source: Photo by PhotoMIX Company | Pexels
Image Source: Photo by PhotoMIX Company | Pexels

Tech professional Parth Patel recently shared his encounter with a scam on X, recounting the onslaught of push notifications across all his Apple devices. These notifications suspiciously requested permission to reset his Apple ID password, raising red flags. What alarmed him most was that these notifications appeared to be "system-level notifications."

Patel found himself bombarded with over 100 push notifications. After clearing them, he received a call from a fake caller ID posing as Apple's legitimate support line, asking for an OTP sent to his phone. To his dismay, the caller possessed accurate personal details, including his date of birth and current address, obtained from a "people search" site called People Data Labs.



 

A separate report from Krebs on Security highlighted similar encounters involving cryptocurrency hedge fund owners and security industry experts. They too fell victim to the scam, emphasizing that the issue was related to their Apple accounts rather than specific devices.

"If you haven’t already, I’d highly suggest scrubbing yourself from people data aggregators such as People Data Labs, Spokeo, Pimeyes, Social Catfish, and others," Patel wrote in a follow-up post. Currently, there's no way one can avoid this scam apart from hitting "Don't Allow" every time the notification appears. 

Cover Image Source: : An Apple corporate logo | Getty Images | Gary Hershorn
Image Source: An Apple corporate logo | Getty Images | Photo by Gary Hershorn

As of now, there haven't been any public reports of individuals succumbing to the Apple ID password reset scam. However, should you inadvertently grant permission by clicking "allow" on the push notification, it could result in permanent loss of access to your iCloud account. This scenario enables a successful attacker to seize control of your photos, and contacts, and even remotely erase your device.

In a particular case mentioned by AppleInsider, a target received guidance from a senior Apple engineer to activate an Apple Recovery Key as a precautionary measure. This key, comprising a 28-character code, serves as a safeguard against the standard account recovery process, providing an avenue for future account retrieval.



 

This isn't the first time Apple has confronted such an attack. In 2019, a bug dubbed "AirDoS" emerged, enabling attackers to inundate nearby iOS devices with incessant prompts to share a file via AirDrop. The Cupertino giant eventually resolved the issue through its iOS 13.3 update.

Now, with reports circulating about the company's emphasis on integrating AI into their upcoming iOS 18, it raises curiosity about potential advancements in screening and addressing such vulnerabilities. It remains to be seen whether Apple will leverage AI to implement more effective measures for identifying and mitigating these types of security threats.

This strategic shift towards AI in iOS 18 could mark a significant step forward in fortifying Apple's ecosystem against emerging cyber threats.

MORE ON MARKET REALIST
Both the guest and the expert were fascinated by how well the automaton worked.
18 hours ago
One of the entrepreneurs broke down in tears, explaining all the struggles they had to go through.
19 hours ago
She couldn’t believe it when her doll was appraised at a five-figure sum, and laughed in disbelief.
22 hours ago
Ken Jennings truly has embraced "Jeopardy!" in every way possible at this point.
23 hours ago
The comedian was impressed by the simplicity of the product and amused by the pitch.
1 day ago
Harrison usually makes smart deals on the show, but this vintage car buy turned into a costly mistake.
1 day ago
Had she started the game in a better way, she might have won the five-figure prize money.
1 day ago
Barbara Corcoran made the exact same offer, and she wasn't happy about being rejected.
2 days ago
The guest believed that it was worth a modest amount of money, but that was clearly not the case.
2 days ago
With James Holzhauer in the lead, Amy Schneider and Andrew He decided to joke around.
2 days ago
Barbara Corcoran told the founders that she had never seen Greiner so passionate.
2 days ago
The guest said that it was left to her by her grandmother who passed at the age of 102.
3 days ago
The host was quick to latch on to his way of speaking and made a mockery of it on TV.
3 days ago
The contestant was clearly just happy to win the chance of being on the same stage as Drew Carey.
3 days ago
The player, Thomas Russo, nearly put all of his strength into spinning the wheel.
3 days ago
Things took a turn for the better with the shark as far as the entrepreneurs were concerned.
4 days ago
The expert pointed out the intricate details on the item and said it was a personal item of the royals.
4 days ago
The expert said that if the signature was on a letterhead when Garfield was President, it would be worth more.
4 days ago
Had the contestants not gotten their gamble right, they would have lost everything they'd earned.
5 days ago
The revelation came thanks to a fan who asked the question during a "Jeopardy!" taping.
5 days ago