There is a common misconception that Apple products offer stronger security features than Android.
Whatever your argument, don't let the thought put you off guard.
A new scam targeting iPhone users is emerging, and if you're not prepared, your account could be permanently shut down.
Click to receive Kurt's free CYBERGUY newsletter with security alerts, quick video tips, tech reviews, and easy ways to make you smarter.
What is the ‘push bombing/MFA fatigue’ scam?
If you suddenly see a “Reset Password” notification on your iPhone screen that only offers “Allow” or “Don’t Allow” options, you may be a victim of the latest “push bomb” scam. Scammers are believed to have found a way to exploit this new bug in Apple. However, it's not entirely clear whether a bug is the cause.
Get FOX Business on the go by clicking here
If you see this notification and click “Don't allow” (whichever you want), it will just cause more notifications to pop up, like those annoying pop-up window attacks you used to get. If you keep frantically clicking “Don’t allow,” your fingers may slip by accidentally clicking “Allow.”
Clicking “Allow” will give scammers access to your iPhone account and could permanently lock your phone.
More Info: How to Update Your Password on iPhone
Warning if you are in the Apple ecosystem
This scam isn't limited to iPhones. If you specialize in the Apple ecosystem, it's important to remember that users have reported experiencing this scam on other Apple devices, including the Apple Watch.
Not only this, one user reported that after he clicked “Don't allow” over and over again and the notification eventually disappeared, a scammer actually called his iPhone in another attempt to catch him. Apple Support usually doesn't call you out of the blue.
MORE: How to Protect Your iPhone Calendar from Intrusive Spam Invitations
Apple's response to 'password reset' notification scams
“We are aware of reports that a small number of iPhone users are attempting to reset their passwords and are receiving a large number of notifications asking if they have taken steps to resolve the reported issue,” a company spokesperson said.
How to Outsmart This Scam and Protect Yourself
If you are the target of this attack, it is most important that you do not tap “Allow” on the password reset notification. It will take some time to unlock them one by one, but they will go away.
If you give up and click “Allow,” the hackers behind this campaign will take full control of your Apple account. So whatever you do, don't click “Allow.” If you need assistance, you can contact Apple at any time by logging in here.
See more: 8 Ways to Lock Your iPhone's Privacy
What should I do if the message continues to appear?
If you continue to receive the message, temporarily change the phone number associated with your Apple ID. Please note that this may affect iMessage and FaceTime functionality.
Beware of scammers posing as Apple Support
If you get a call from someone claiming to be an Apple support representative after removing the notification, it's likely a scammer. Just hang up. Whatever you do, don't give them any information. In case personal information such as resident registration number is leaked follow the steps In ~ IdentityTheft.gov. You can report there, and the website will help create a recovery plan for you and guide you through each step of recovering your identity. You can also call Apple directly at 800-275-2273 (US) to verify communications.
AI WORM exposes security flaws in AI tools such as CHATGPT.
Report a scam call
You can report fraudulent phone calls to the Federal Trade Commission. reportfraud.ftc.gov Alternatively, contact your local law enforcement agency.
Is turning on ‘Apple Recovery Key’ the solution?
According to Krebs on security; Actual Apple Support suggested turning on Apple Recovery Key to avoid the notifications, but one of the victims tried this and it didn't stop.
Stay tuned. Apple Support Page For updates.
Protect your Apple account
It's common knowledge that a phone number is required when setting up an Apple account. However, once your account is created, this phone number does not necessarily have to be a mobile phone number. Apple may use VOIP numbers, e.g. google voice) as a valid alternative. Therefore, one potential mitigation strategy is to change your account phone number to a less known VOIP number.
Important note: If you choose a VOIP number, keep in mind that if you don't also include your actual mobile phone number, Apple's iMessage and FaceTime applications will be disabled on that device.
Additionally, Apple's password reset system accommodates: email alias. You can create an unlimited number of unique email addresses associated with the same email address by adding a “+” character after the username portion of the email address and adding a site-specific notation (e.g. Cyberguy+example@use.startmail.com). account. This technology allows you to better organize and track your incoming emails.
tip: When choosing an alias, consider using a less explicit name than “+apple” to increase security and privacy.
Kurt’s Key Takeaways
Security is a never-ending game of cat and mouse, and no device is truly invincible. Apple is working on a fix for this issue, but it's important to remain vigilant until it's resolved. If you're bombarded with “Reset your password” messages, stay calm, don't click 'Allow', be patient and close each notification. Also, stay updated on Apple's progress on a permanent solution. Following these steps can help you outsmart these scams and keep the Apple ecosystem safe.
CLICK HERE TO GET THE FOX NEWS APP
Do you think companies like Apple should take more responsibility for security vulnerabilities? Why? Please let us know by sending a letter to: Cyberguy.com/Contact Us
Subscribe to the free CyberGuy Report newsletter for more tech tips and security alerts. Cyberguy.com/Newsletter
Ask Kurt a question or let him know what story you'd like us to cover.
Answers to CyberGuy's most frequently asked questions:
Copyright 2024 CyberGuy.com. All rights reserved.