Cybercriminals have discovered a method to manipulate what appears to be a glitch in Apple’s password reset function, launching a scam that could lock you out of your iPhone if not handled cautiously.

Krebs on Security highlights that the scheme begins with a single Reset Password alert, followed by a barrage of similar warnings. The particularly troublesome aspect of this scam is that affected users must choose “Don’t Allow” for each alert to prevent the attack.

Failure to reject these alerts will leave the notifications active, making the iPhone inoperable. Moreover, there’s a risk that some individuals might accidentally select “Allow” instead of “Don’t Allow,” granting the attackers total control over their Apple account by resetting the password.

This tactic, known as “push bombing” or “MFA fatigue,” exploits a feature or vulnerability within a company’s multi-factor authentication (MFA) system. 

Should you find yourself targeted by this scam, it’s important to avoid tapping “Allow” on any password reset alerts. Although dismissing each notification one by one is irritating and time-consuming, failing to do so could leave your iPhone unusable and allow attackers full control over your Apple account.

In instances of receiving calls from individuals claiming to represent Apple Support, it is advised not to disclose any personal information. Instead, request the caller to verify any information they already possess about you. It’s important to remember that genuine Apple Support is unlikely to initiate unsolicited calls, and under no circumstances would they request your password or personal details via phone.


Stay vigilant and stay protected!

Chapman University Information Systems and Technology (IS&T)