Recently, there's been a worrying trend in iPhone security: the rise of iPhone password reset attacks, also known as "MFA bombing." This sneaky method abuses the Apple ID password reset system to flood users with iOS prompts, with the aim of taking control of their accounts. Given these developments, Apple users need to strengthen their defences against such schemes.
MFA bombing, also called MFA fatigue or push bombing, means bombarding unsuspecting victims with loads of official iOS password reset prompts. As explained by Krebs on Security, bad actors exploiting this vulnerability use the victim's phone number to send over a hundred multi-factor authentication (MFA) prompts to their iPhone and other Apple devices, pressuring them into resetting their Apple ID password.
Even though Apple has tried to fix this issue, occasional attacks still happen, reminding us of the ongoing risk. Personal stories, like encountering password reset prompts on iPhones and Macs, show how common this threat is.
To protect yourself from iPhone password reset attacks, follow these simple steps:
Say no to password resets: Since these reset requests look official, be careful and always select "Don't Allow" to stop the attackers in their tracks.
Be careful with incoming calls: With call spoofing on the rise, where scammers pretend to be someone they're not, it's best to avoid giving out personal information or one-time codes over the phone. If unsure, don't answer, and reach out to Apple through trusted channels.
Change your phone number if needed: If you keep getting prompts, consider temporarily changing the phone number linked to your Apple ID. But remember, this might affect iMessage and FaceTime.
Staying alert, taking proactive steps and following these tips are crucial to protecting yourself from iPhone password reset attacks. Stay informed, stay careful, and stay secure.