MFA Bombing: how a bombardment of notifications causes data to be deleted from the iPhone

An avalanche of notifications is a harbinger of a phishing attack.

Apple users have encountered a clever phishing scheme that exploits a vulnerability in the password reset function. Victims of the attack find that their devices receive such a large number of system notifications that the smartphone becomes impossible to use without responding to each notification.

Entrepreneur Parth Patel was the victim of a similar attack and shared his experience on X, describing how his devices, including his watch, laptop and phone, were overwhelmed with notifications about password change approval.


Some of the notifications that Patel received at the same time

Requests were received on the phone for several days. After refusing all requests to reset his password from Apple, Patel soon received a call from an alleged Apple support service, whose number coincided with the company's real customer support line. However, despite providing up-to-date personal information, the caller was unable to correctly give Patel's real name, instead using the name associated with Patel on one of the people search sites.

The fraudsters' goal is to get a one-time Apple ID reset code, which will allow them to reset the password and block the owner's access to the account, as well as remotely erase all data from the victim's device.

This phishing technique is known as MFA Bombing (MFA Fatigue) and exploits a feature or vulnerability in the multi-factor authentication system by triggering a flood of notifications to the victim's device. Such attacks can be especially effective if the attackers know the phone number associated with the Apple account.

In response to the growing threat of MFA Bombing, Microsoft has begun implementing additional security measures, such as the MFA number verification feature, which requires the user to enter the numbers shown on the screen into the authenticator app to confirm login.

Experts urge Apple to strengthen security measures and consider introducing additional restrictions on the frequency of password reset requests to prevent similar attacks in the future. At the time of publication, Apple has not commented on the situation, which raises concerns among users regarding the security of their personal data and devices.
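
The frequency restriction the experts call for can be sketched as a per-account sliding-window limiter on reset prompts. This is an added example, not code from the article or from Apple; the class name, thresholds and sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 15 * 60   # assumed look-back window
MAX_PROMPTS = 3            # assumed number of prompts allowed per window
LOCKOUT_SECONDS = 60 * 60  # assumed cooldown once the limit is hit


class ResetPromptLimiter:
    """Decides whether a password-reset approval prompt may be pushed to an account's devices."""

    def __init__(self, window=WINDOW_SECONDS, max_prompts=MAX_PROMPTS, lockout=LOCKOUT_SECONDS):
        self.window = window
        self.max_prompts = max_prompts
        self.lockout = lockout
        self._sent = defaultdict(deque)  # account -> timestamps of prompts already pushed
        self._locked_until = {}          # account -> time at which the cooldown ends

    def allow(self, account, now):
        """Return True if a prompt may be sent at time `now` (seconds)."""
        if now < self._locked_until.get(account, 0):
            return False
        sent = self._sent[account]
        while sent and now - sent[0] >= self.window:
            sent.popleft()  # forget prompts that fell out of the window
        if len(sent) >= self.max_prompts:
            # Limit reached: suppress further prompts and start the cooldown.
            self._locked_until[account] = now + self.lockout
            return False
        sent.append(now)
        return True


def replay(events, limiter=None):
    """Replay (timestamp, account) reset requests; return {account: (sent, suppressed)}."""
    limiter = limiter or ResetPromptLimiter()
    stats = defaultdict(lambda: [0, 0])
    for ts, account in events:
        stats[account][0 if limiter.allow(account, ts) else 1] += 1
    return {account: tuple(counts) for account, counts in stats.items()}


# Constructed sample: 40 reset requests in 200 s against one account,
# plus two ordinary requests for another account.
SAMPLE = sorted(
    [(i * 5, "victim@example.com") for i in range(40)]
    + [(10, "user@example.com"), (4000, "user@example.com")]
)
```

With these assumed limits, the flooded account sees three prompts instead of forty, and the suppressed count per account is a natural signal to alert on.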
 