Apple Users Are Getting Bombarded With ‘Reset Password’ Requests


Apple users are being targeted by a widespread and annoying scam that aims to change their passwords and lock them out of their devices, according to a new report from sources. Krebs on Security. In some cases, the hackers also called people and pretended to be Apple Support.

The scam begins with a series of system notifications that ask the Apple user to reset their Apple ID password, Krebs on Security explained. Because the received messages are system notifications, users cannot do anything else with their phones until they accept or reject each request. The attack does not end there.

Even when users reject all password reset requests – one user is reported received more than a hundred requests on X, formerly known as Twitter – fraudsters have their aces up their sleeves. Parth Patel, the founder of the startup, said he received a call from someone claiming to be from Apple Support 15 minutes after rejecting all the requests he received. The number he called was Apple’s support number, which he later confirmed was a spoofa method by which malicious actors can spoof caller ID to display another name or phone number.

Patel says he was wary of receiving requests to reset his password, so he asked an Apple Support representative to confirm the details.

“He did a great job, from the DOB [date of birth]sending email, to phone number, to current address, known addresses…” Patel said on X. However, they realized that the call was not from Apple Support as the hackers got the name wrong. “Even though they predicted everything I wrote, the psychics guessed my name was Anthony S.”

Patel explained that the name “Anthony S” rang a bell because it matched what he had written with People Data Labs, a. people search the website, or data broker, which collects people’s data from different places and sells it. Patel said he knew the information came from People Data Labs because he had done a search on his name in the past, saying: “I distinctly remember that they associated me with a midwestern elementary school teacher named Anthony S.”

An Apple Support representative asked Patel for a one-time pass that was sent to his phone, which he did not provide. Doing so or clicking allow any password reset request sent to her phone in the past would have allowed the attackers to reset her password and lock her out of her devices, Krebs on Security said. They could also delete all of Patel’s data remotely.

In his posts on X, Patel said he is not the only one who has been receiving these fraudulent threats, adding that many of his friends are also being targeted. Mr. Krebs on Security also found two cases of people who shot them.

According to Krebs on Security, hackers appear to be exploiting a flaw in Apple’s privacy settings, though it’s just a theory at this point.

When reached by Gizmodo, Apple declined to comment on the claims, instead pointing Gizmodo to one of its support documents. detect fraud schemes.

“Scammers use fake Caller ID information to spoof phone numbers for companies like Apple and often pretend there’s something suspicious about your account or device to listen in,” an Apple support article said. “If you receive an unsolicited or suspicious call from someone claiming to be from Apple or Apple Support, just call them.”


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *