27.03.2024 20:42:35 - dpa-AFX: Apple Users Targeted With MFA Bombing Attacks

CUPERTINO (dpa-AFX) - Apple Inc. (AAPL) users have recently been facing a
new and troubling threat known as multi-factor authentication (MFA) bombing,
also called push notification spam.

This tactic, as described by Brian Krebs at Krebs on Security, involves a
continuous stream of MFA requests being sent to users, prompting them to reset
their Apple ID passwords.

By clicking 'Allow,' users are unwittingly allowing hackers to gain access to
their Apple ID passwords and seize control of their accounts, which can affect
all devices linked to the same ID. This attack strategy aims to induce panic and
elicit compliant responses by sending a deluge of notifications and MFA messages
to trick users into resetting their passwords.

Once this is done, attackers follow up with spoofed calls masquerading as Apple
representatives, seeking sensitive information under the guise of protecting the
victim's account from the ongoing attack. The ultimate goal is to acquire a
one-time code to confirm a password reset or login attempt.

Parth Patel, a startup founder in the AI industry, shared his experience on X
about how all of his Apple devices were bombarded with over 100 notifications
requesting permission to reset his Apple password. These notifications were so
urgent that they effectively locked up his devices until he addressed them. The
attackers mimicked the official Apple helpline and requested an OTP that Patel
had just received via text, emphasizing that it should not be shared with
anyone.

Another individual reported to Krebs that they experienced similar reset
notifications over several days, followed by a call claiming to be from Apple
support. After hanging up and verifying with Apple directly, it was confirmed
that no support issue existed.

These accounts, along with others detailed on Krebs' platform, highlight the
necessity for Apple to implement restrictions on password resets or enhance
access control measures. Since phone number spoofing is common, the safest
action is to end the call and contact Apple support directly. Under no
circumstances should a one-time code be shared with anyone, and Apple users need
to take the necessary precautions to protect their accounts and devices from
these insidious attacks.
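
The kind of restriction on password resets called for above can be sketched as a per-account throttle on reset prompts. This is an added example, not Apple's mechanism and not code from the article; the class name, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque


class ResetPromptThrottle:
    """Per-account sliding-window limit on password-reset prompts.

    Thresholds are illustrative assumptions, not values from any vendor.
    """

    def __init__(self, max_prompts=3, window_s=3600, cooldown_s=86400):
        self.max_prompts = max_prompts
        self.window_s = window_s
        self.cooldown_s = cooldown_s
        self._sent = defaultdict(deque)  # account -> times of delivered prompts
        self._blocked_until = {}         # account -> end of cooldown
        self.flagged = set()             # accounts to hand to abuse review

    def allow_prompt(self, account, now):
        """Return True if a reset prompt may be pushed to the account's devices."""
        if now < self._blocked_until.get(account, 0):
            return False                 # still cooling down: drop silently
        sent = self._sent[account]
        while sent and now - sent[0] >= self.window_s:
            sent.popleft()               # forget prompts outside the window
        if len(sent) >= self.max_prompts:
            # Burst detected: suppress further prompts and flag the account.
            self._blocked_until[account] = now + self.cooldown_s
            self.flagged.add(account)
            return False
        sent.append(now)
        return True


def replay(events, throttle):
    """Feed (account, timestamp) reset requests through the throttle and
    return how many prompts each account's devices would actually show."""
    delivered = defaultdict(int)
    for account, ts in sorted(events, key=lambda e: e[1]):
        if throttle.allow_prompt(account, ts):
            delivered[account] += 1
    return dict(delivered)


# Constructed sample: 100 reset requests against one account in ten minutes,
# plus a single ordinary request from another user.
EVENTS = [("victim@example.com", t) for t in range(0, 600, 6)]
EVENTS.append(("other@example.com", 300))

if __name__ == "__main__":
    t = ResetPromptThrottle()
    print(replay(EVENTS, t), sorted(t.flagged))
```

With these settings the targeted account sees three prompts instead of 100, and the flag gives the provider a signal to review before any follow-up call reaches the user.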



Copyright(c) 2024 RTTNews.com. All Rights Reserved
