New Phishing Attack Targets Apple Users

Recently, a new cybersecurity problem targeting Apple users has emerged: “MFA Bombing” attacks. These phishing attempts abuse the Multi-Factor Authentication (MFA) system, specifically the Apple ID password reset feature. By overwhelming users with password reset notifications, attackers aim to wear down personal security defenses until a prompt is approved by mistake.

What is MFA Bombing

Many Apple users have experienced the disruptive nature of MFA Bombing firsthand. Reports describe individuals receiving a continuous stream of Apple ID password reset notifications, which makes their devices nearly unusable while it lasts. This relentless stream of alerts has a simple goal: to cause confusion and frustration and, as a result, the accidental approval of an authentication request.

At its core, MFA Bombing is a phishing strategy that manipulates the Multi-Factor Authentication (MFA) process. Attackers make use of Apple’s password reset system for Apple IDs, bombarding users with a flood of authentication requests. Although it may sound similar, this is not a brute force attack; rather, it is designed to confuse and wear down the user in the hope that they will accidentally approve a request and grant the attacker access. These attacks exploit the trust users place in MFA, turning a security measure into a potential vulnerability.

The mechanism behind MFA Bombing attacks involves exploiting Apple’s password reset function. Attackers initiate multiple password reset requests for a targeted Apple ID, triggering a flood of MFA prompts to the user’s devices. It is not yet known what allows attackers to send multiple requests in a short period, but it may be a bug that’s being exploited.

What to Do?

The ability to even start the attack depends on the attacker knowing the email address and phone number linked to the Apple ID. Without this information, it is impossible to initiate the MFA Bombing process. And where do attackers get it? Most likely from information previously leaked in data breaches. So while there is no real way to stop these attacks once they begin, you can at least try to prevent them from happening: be cautious of phishing attempts seeking to gather personal information, don’t give your email and phone number to unverified sites, and double-check that you are really talking with Apple Support. Regularly monitoring account activity can also help detect unauthorized attempts early.
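The two defensive ideas in the paragraphs above, limiting how many reset prompts an account can be sent in a short period and monitoring for a burst of prompts, can both be expressed as a sliding-window count per account. The following Python is an added illustration written for this post; it is not Apple’s code and makes no claim about how Apple’s reset service works. The window length, the threshold, the event names and the log records are all constructed for the example.

```python
"""Flagging and throttling a burst of password-reset prompts per account.

Added example (hypothetical, not Apple's implementation). EVENTS is a
constructed authentication log; WINDOW and THRESHOLD are assumed policy
values, not values taken from any real service.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # sliding window length (assumed)
THRESHOLD = 3                    # prompts tolerated per account per window (assumed)
PROMPT_EVENT = "password_reset_prompt"

# Constructed sample log: (ISO timestamp, account, event type).
# alice receives five prompts in under a minute; bob receives two, hours apart.
EVENTS = [
    ("2024-03-26T09:00:01", "alice@example.com", PROMPT_EVENT),
    ("2024-03-26T09:00:09", "alice@example.com", PROMPT_EVENT),
    ("2024-03-26T09:00:15", "alice@example.com", PROMPT_EVENT),
    ("2024-03-26T09:00:22", "alice@example.com", PROMPT_EVENT),
    ("2024-03-26T09:00:40", "alice@example.com", PROMPT_EVENT),
    ("2024-03-26T09:05:00", "bob@example.com", PROMPT_EVENT),
    ("2024-03-26T11:30:00", "bob@example.com", PROMPT_EVENT),
    ("2024-03-26T11:31:00", "bob@example.com", "login_success"),
]


def _prompt_times(events):
    """Group prompt timestamps by account, sorted oldest first."""
    by_account = defaultdict(list)
    for stamp, account, kind in events:
        if kind == PROMPT_EVENT:
            by_account[account].append(datetime.fromisoformat(stamp))
    for times in by_account.values():
        times.sort()
    return by_account


def detect_bombing(events, window=WINDOW, threshold=THRESHOLD):
    """Detection side: return {account: peak prompt count} for every account
    whose densest window holds more than `threshold` prompts."""
    flagged = {}
    for account, times in _prompt_times(events).items():
        peak, start = 0, 0
        for end, t in enumerate(times):
            # Advance the window start until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[account] = peak
    return flagged


class PromptRateLimiter:
    """Service side: allow at most `threshold` prompts per account per window."""

    def __init__(self, window=WINDOW, threshold=THRESHOLD):
        self.window = window
        self.threshold = threshold
        self._sent = defaultdict(deque)  # timestamps of prompts actually sent

    def allow(self, account, when):
        """Return True if a prompt may be sent to `account` at time `when`."""
        sent = self._sent[account]
        while sent and when - sent[0] > self.window:
            sent.popleft()              # forget prompts older than the window
        if len(sent) >= self.threshold:
            return False                # quota exhausted: drop, do not notify
        sent.append(when)
        return True


def suppressed_prompts(events, window=WINDOW, threshold=THRESHOLD):
    """Replay the log through the limiter; return {account: prompts dropped}."""
    limiter = PromptRateLimiter(window, threshold)
    dropped = defaultdict(int)
    for account, times in _prompt_times(events).items():
        for t in times:
            if not limiter.allow(account, t):
                dropped[account] += 1
        dropped.setdefault(account, 0)
    return dict(dropped)


if __name__ == "__main__":
    print("flagged accounts:", detect_bombing(EVENTS))
    print("prompts dropped by limiter:", suppressed_prompts(EVENTS))
```

Run on the constructed log, the detector flags only alice (five prompts inside forty seconds), and the limiter would have let her first three prompts through and dropped the remaining two, while bob’s two widely spaced prompts are untouched. The limiter only counts prompts it actually delivered, so an attacker who keeps hammering the reset endpoint cannot extend their own quota.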

To monitor for potential exposure in data breaches, regularly check your email addresses and phone numbers on sites like Have I Been Pwned. These platforms can alert you if your information appears in known data breaches.

Also, note that enabling a recovery key won’t solve the issue – KrebsOnSecurity tested and confirmed that enabling a recovery key does nothing to stop a password reset prompt from being sent to your devices.

“Apple’s ‘forgot password’ page will send a system alert, whether or not the user has enabled an Apple Recovery Key,” they write.

Looking Ahead

And that’s a wrap! Just remember, the world is always on the move, and so are the folks looking to stir up trouble. But, remember, we’re all in this together. We’ll keep you posted with such important matters to keep you a step ahead. So, till next time, take care, stay alert, and let’s keep each other in the loop. Catch you in the next update!

Jeff Cochin has more than ten years of experience in data recovery, management and warehousing. On Macgasm he mostly writes about Apple news and software reviews. Jeff's journey with Macbooks began in 2008, showcasing his enduring commitment to the Apple…