ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / ECONOMY & WORK

Think Twice Before Hitting ‘Allow’ on Your iPhone—It Could Be a Scam

The main idea of the scam is to bombard the target's phone with several push notifications in hopes that the target will press the allow option.
PUBLISHED MAR 28, 2024
Cover Image Source: iPhone Home Screen | Unsplash | Photo by Jamie Street
Cover Image Source: iPhone Home Screen | Unsplash | Photo by Jamie Street

A new Apple ID spearphishing campaign that uses "push bombing" or "MFA Bombings" has been targeting several tech professionals over the last few weeks. The core concept of the scam involves bombarding the victim's phone with numerous push notifications, commonly referred to as Multi-Factor Authentication (MFA) notifications. The aim is to induce the victim to inadvertently grant permission by selecting "Allow" instead of "Don't Allow" at least once.

Image Source: Photo by PhotoMIX Company | Pexels
Image Source: Photo by PhotoMIX Company | Pexels

Tech professional Parth Patel recently shared his encounter with a scam on X, recounting the onslaught of push notifications across all his Apple devices. These notifications suspiciously requested permission to reset his Apple ID password, raising red flags. What alarmed him most was that these notifications appeared to be "system-level notifications."

Patel found himself bombarded with over 100 push notifications. After clearing them, he received a call from a fake caller ID posing as Apple's legitimate support line, asking for an OTP sent to his phone. To his dismay, the caller possessed accurate personal details, including his date of birth and current address, obtained from a "people search" site called People Data Labs.



 

A separate report from Krebs on Security highlighted similar encounters involving cryptocurrency hedge fund owners and security industry experts. They too fell victim to the scam, emphasizing that the issue was related to their Apple accounts rather than specific devices.

"If you haven’t already, I’d highly suggest scrubbing yourself from people data aggregators such as People Data Labs, Spokeo, Pimeyes, Social Catfish, and others," Patel wrote in a follow-up post. Currently, there's no way one can avoid this scam apart from hitting "Don't Allow" every time the notification appears. 

Cover Image Source: : An Apple corporate logo | Getty Images | Gary Hershorn
Image Source: An Apple corporate logo | Getty Images | Photo by Gary Hershorn

As of now, there haven't been any public reports of individuals succumbing to the Apple ID password reset scam. However, should you inadvertently grant permission by clicking "allow" on the push notification, it could result in permanent loss of access to your iCloud account. This scenario enables a successful attacker to seize control of your photos, and contacts, and even remotely erase your device.

In a particular case mentioned by AppleInsider, a target received guidance from a senior Apple engineer to activate an Apple Recovery Key as a precautionary measure. This key, comprising a 28-character code, serves as a safeguard against the standard account recovery process, providing an avenue for future account retrieval.



 

This isn't the first time Apple has confronted such an attack. In 2019, a bug dubbed "AirDoS" emerged, enabling attackers to inundate nearby iOS devices with incessant prompts to share a file via AirDrop. The Cupertino giant eventually resolved the issue through its iOS 13.3 update.

Now, with reports circulating about the company's emphasis on integrating AI into their upcoming iOS 18, it raises curiosity about potential advancements in screening and addressing such vulnerabilities. It remains to be seen whether Apple will leverage AI to implement more effective measures for identifying and mitigating these types of security threats.

This strategic shift towards AI in iOS 18 could mark a significant step forward in fortifying Apple's ecosystem against emerging cyber threats.

MORE ON MARKET REALIST
The guest's mother had initially advised her father against purchasing it but he did it anyway.
11 hours ago
The entreprenuer knew he had an ace up his sleeve and he played it to perfection.
13 hours ago
Thankfully, the contestant was up for the task and was able to silence any doubters on the show.
15 hours ago
Things could have been real messy had the host not reacted in time and prevented the setback.
17 hours ago
The product had its doubters, but, in the end, the entrepreneurs were able to make a lasting impact.
1 day ago
Things were not looking too good at one point as most of the sharks had backed out... until the end.
2 days ago
A number of episodes with the icon reprising his role as host will be released this year.
2 days ago
She had only believed that her items were worth a thousand bucks and that was not the case.
2 days ago
The host wasn't expecting such unusual answers to be among the top options.
2 days ago
He was able to get the puzzle right just in the nick of time in order to win a significant amount of cash.
2 days ago
The host seemed pretty confident that the answer was in no way going to be correct.
3 days ago
The history attached to the flag is tragic, and it personally affected the guest.
3 days ago
The product was unique and could help millions of new mothers around the globe.
4 days ago
Viewers believe that the game show sometimes doesn't allow participants to win multiple prizes.
4 days ago
Harvey was clearly annoyed by the answer and refused to buy any explanation.
4 days ago
After his impressive 74 winning streak, Ken Jennings has been hosting the show since 2022 with a $4 million paycheck.
4 days ago
Drew Carey was supposed to look scary, but the host ended up being funny and awkward.
4 days ago
Steve Harvey mocked Snoop Dogg over his choice and went on to roast the rapper more.
4 days ago
It seemed like she was going to lose her chance of winning, but that was not the case after all.
4 days ago
The host is clearly not a fan of hyping up answers that he doesn't personally approve of.
5 days ago