iPhone users on alert over 'push bombing' phishing scam
A warning has been issued to iPhone users over a clever scam attack reported via social media.
Security issues are not a new phenomenon in the tech industry, with iOS and Android consistently patched by Apple, Samsung, and Google as hackers focus on new ways to steal your money and identity - including via WhatsApp.
In the past month, Apple has warned iPhone users over a new hacking risk and given some key pointers on how to fix it so you don't fall foul to criminals.
Advert
The company also offers more general tips when it comes to its phones including why you should not put it in rice if you get your iPhone wet.
Now, a new technical issue has been highlighted over on X (formerly Twitter) by those using multi-factor authentication (MFA).
MFA has become a common thing we're all encouraged to get. It's where you need to verify your identity via another pathway when logging in to an account such as your banking app.
This can be done via an authenticator app if you have it set up. Other methods can be via a text to your personal phone or message to your email account.
Well, bad news. Hackers are now targeting the method we use to keep them out.
According to reports, the new phishing attack involves what at first looks like a bug in Apple's password reset feature, where dozens of notifications are pushed on to your home screen telling you to reset your Apple ID password.
If you click 'don't allow' instead of 'allow' like the hackers want, the scammers then call their victim pretending to be Apple Support, asking you to 'verify' your account by sharing your a one-time code (OTP) with them. This is despite such codes being sent to you from Apple explicitly saying 'don't share with anyone'.
One victim of the attack, businessman Parth Patel, took to X to detail his experience of the new hacking method known as 'MFA bombing' or 'push bombing'.
Patel told KrebsOnSecurity: "All of my devices started blowing up, my watch, laptop and phone.
"It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone. I had to go through and decline 100-plus notifications."
If you give over the OTP to the hackers, they are then able to lock you out of your Apple account and even remotely wipe all of your devices.
iPhone users should remain vigilant in this situation, with Apple never proactively calling you in security incidents. The only time this happens is it you ask Apple to ring you back.
One way to stop yourself falling victim to this is to improve your Apple ID security with a recovery key. This is where Apple will give you a randomly generated 28-character code that helps improve the security of your iPhone or iPad.
The Apple website says: "You can generate a recovery key on a trusted device signed in with your Apple ID. After you generate a recovery key, you can also follow these steps to update your recovery key and generate a new one.
"When you generate a recovery key, print a copy or write it down. Keep it in a safe place, so that you always have access to your Apple ID. You can give a copy of your recovery key to a family member, or keep copies in more than one place.
"Before you set up a recovery key, update your device to the latest software version."
LADbible has approached Apple for comment.
Topics: iPhone, Apple, Technology, Crime, World News, UK News, News, US News
Tom Earnshaw