Apple users facing the brunt of sophisticated phishing attacks
What's the story
In a recent wave of sophisticated phishing attacks, Apple users have found themselves in the crosshairs. These complex attacks trick users into resetting their Apple ID passwords, rendering their devices inoperable until they choose either "Allow" or "Don't Allow." Alarmingly, after users decline the password reset prompts, fraudsters masquerade as Apple Support via phone calls. They even go as far as spoofing the caller ID to show the legitimate Apple customer support number.
Analysis
Expert analysis of escalating threat of MFA bombing
Michael Covington, Vice President of Portfolio Strategy at Jamf, an Apple security firm, has provided insights into these attacks, termed MFA (Multi-Factor Authentication) bombing. He paints a daunting picture for targeted users who must navigate a barrage of notifications with the constant threat of further exploitation if they make a single error. Covington underscores that these attacks usually occur after "a successful compromise of the user's credentials."
Protecting users
Staying alert and verifying: The key to counter phishing attacks
Covington further elaborates that "once the MFA bombing sequence begins, users must be vigilant" in safeguarding their second factor of authentication, typically a PIN code. He also alerts users about fraudsters' capability to mimic genuine customer support numbers. To defend against these threats, Covington advises keeping software up-to-date and reaching out to customer support proactively whenever necessary. He also recommends using verification questions when receiving calls claiming to be from customer support.