The Scary New iPhone Scam You NEED to Know About

Brandon Butch
28 Mar 202408:07

Summary

TLDRA new phishing attack targeting Apple users is on the rise, known as multiactor bombing, which overwhelms victims with legitimate-looking Apple notifications. Scammers may also spoof Apple Support calls, tricking users into revealing security codes. To protect oneself, users should remove personal information from people search websites, consider using email aliases, and be aware that Apple Support will rarely initiate contact unless requested by the user.

Takeaways

  • 🚨 A new phishing attack is targeting Apple users, exploiting a bug to hijack accounts.
  • 🔍 The attack, known as multiactor bombing, overwhelms users with legitimate-looking Apple authentication requests.
  • 📞 Scammers use spoofed caller IDs displaying Apple's real customer support number to trick users into revealing security codes.
  • 🔄 Victims report continuous attacks even after changing devices, email addresses, and iCloud accounts.
  • 🛑 Apple has acknowledged the issue and states that enabling a security key can help, but it is not a foolproof solution.
  • 🔍 Security researcher Matt Johansson suggests the attackers are bypassing rate limits on Apple's 'forgot password' page.
  • 🛠️ Users can protect themselves by removing personal information from people search websites and using email aliases for their Apple accounts.
  • 📱 Changing the phone number associated with an Apple ID to a VoIP number can deter scammers, though it may disable iMessage and FaceTime.
  • 📧 Consider using a unique email address for Apple services to avoid being affected by database leaks.
  • ☎️ Apple support will rarely initiate contact unless requested by the user; any unsolicited communication should be treated with suspicion.
  • 📢 Sharing information about these attacks can help others, especially those who may be less informed about online security.

Q & A

  • What is the new phishing attack targeting Apple devices?

    -The new phishing attack is called a multiactor bombing attack. It aims to overwhelm the target with numerous authentication requests, causing them to mistakenly accept one, leading to potential account hijacking.

  • How do the scammers initiate contact with their targets?

    -Scammers use a spoofed caller ID displaying Apple's real customer support phone number, calling the target and claiming that their account is under attack. They request a one-time code for verification, which if given, allows them to reset the password and lock the victim out.

  • What is the significance of the legitimate Apple alerts during the attack?

    -The legitimate Apple alerts are part of the attack, sent in large numbers to pressure the target into action. These alerts are system-level notifications from Apple, which the scammers exploit to create a sense of urgency and confusion.

  • Victims have reported being overwhelmed by the number of notifications, sometimes over a hundred, and feeling compelled to interact with them. Some have tried to secure their accounts by changing devices or contact Apple support directly.

    -One victim reported that even after taking extensive measures like getting a new iPhone, changing their email, and creating a new iCloud account, the attack persisted. Another received password reset requests even after enabling a recovery key for their Apple ID.

  • What is Apple's official stance on outbound calls to customers?

    -Apple has stated that it will never initiate outbound calls to customers unless the customer has specifically requested to be contacted. This means any incoming call claiming to be from Apple support should be treated with suspicion.

  • How do the attackers bypass the rate limit on the 'Forgot Apple ID password' page?

    -Attackers appear to have found a way to bypass the rate limit on the 'Forgot Apple ID password' page, which normally has a captcha to prevent mass requests. They use this vulnerability to trigger the notification attack by inputting the target's email or phone number associated with an iCloud account.

  • What precautions can Apple users take to protect themselves from such phishing attacks?

    -Users can protect themselves by removing their information from people search websites, using email aliases, changing their account's phone number to a VoIP number, and being cautious about接听 calls or responding to messages from numbers claiming to be Apple support.

  • Why is it recommended to use a unique email address for Apple ID?

    -Using a unique email address for Apple ID reduces the risk of it being included in any database leaks, thus minimizing the chances of being targeted by phishing attacks.

  • How can one verify the legitimacy of an Apple support call?

    -If you receive a call claiming to be from Apple support, do not engage immediately. Instead, look up the official Apple support number and call them back to verify the legitimacy of the call.

  • What should you do if you suspect an Apple phishing attack?

    -If you suspect an attack, deny any requests for personal information or one-time codes. Do not answer or engage with the call or message, and report the incident to Apple or the relevant authorities.

  • Who is most at risk from this multiactor bombing phishing attack?

    -Public figures, especially those involved with cryptocurrency or hedge funds, are most at risk due to their high-profile status and the potential financial gains for attackers. However, any individual with easily accessible information or compromised passwords is potentially vulnerable.

Outlines

00:00

🚨 Apple Device Security Warning 🚨

This paragraph discusses a new phishing attack targeting Apple device users, exploiting a bug on Apple's end. The attack, known as multiactor bombing, overwhelms users with authentication requests, leading them to accept one under duress or to cease the notifications. Scammers use a spoofed caller ID displaying Apple Support's real number, tricking users into revealing a one-time code, which allows them to reset passwords, lock users out, and wipe devices. The paragraph shares real-life experiences of victims and emphasizes that these alerts are legitimate Apple system-level notifications, making the scam particularly deceptive.

05:02

🛡️ Protecting Yourself from Phishing Attacks 🛡️

The paragraph offers strategies for Apple users to protect themselves from phishing attacks. It advises removing personal information from people search websites to enhance privacy and prevent attackers from gathering data. It also suggests using email aliases and changing the phone number associated with the Apple ID to a VoIP number to reduce the risk of successful phishing attempts. The speaker shares personal experience recommending the use of a unique email for the Apple ID and emphasizes that Apple Support will rarely initiate contact unless requested by the user. The advice to verify the legitimacy of any supposed Apple support communication is highlighted, concluding with a call to action to share this information and sign up for the speaker's newsletter for further details.

Mindmap

Keywords

💡phishing attack

A phishing attack is a type of cybercrime in which attackers attempt to deceive users into revealing sensitive information, such as passwords or financial details, by posing as a trustworthy entity. In the context of the video, this attack targets Apple users, exploiting a bug to hijack accounts through overwhelming authentication requests.

💡multiactor bombing attack

A multiactor bombing attack, as detailed in the video, is a sophisticated phishing technique where the attacker overwhelms the target with a high volume of authentication requests, leading the target to mistakenly accept one and provide access to their account. This method is particularly dangerous as it leverages the user's trust in the system's notifications and the pressure to resolve the situation.

💡Apple ID

An Apple ID is a unique account identifier used by Apple users to access various Apple services such as iCloud, App Store, iTunes, and more. In the video, the new phishing attack specifically targets Apple ID accounts, exploiting a vulnerability to gain unauthorized access and control over the user's devices and personal data.

💡spoofed caller ID

A spoofed caller ID is a manipulated display of a phone number on the recipient's caller ID display, often used by scammers to impersonate a legitimate entity. In the video, attackers use a spoofed caller ID to display Apple's real customer support number, tricking users into believing the call is from official Apple Support.

💡one-time code

A one-time code is a temporary security credential that is used only once for authentication purposes, often sent to a user's device or provided by a service during account recovery processes. In the video, the attackers' goal is to obtain this code from users to reset passwords and take over accounts.

💡security researcher

A security researcher is an expert in the field of cybersecurity who investigates and analyzes potential threats, vulnerabilities, and attacks to enhance the security of digital systems and networks. In the context of the video, security researchers are studying the new phishing attack and providing insights into how it operates and how users can protect themselves.

💡rate limit

A rate limit is a restriction set on the number of requests a user or system can send to a server within a specific time frame. It is a common measure to prevent abuse or overloading of systems. In the video, the attackers have apparently found a way to bypass the rate limit on Apple's system, allowing them to send a large number of notifications to potential victims.

💡VoIP number

A VoIP (Voice over Internet Protocol) number is a phone number that is used to route calls over the internet rather than traditional phone lines. VoIP numbers can be obtained from various services such as Skype or Google Voice and offer features like call forwarding and lower costs. In the video, it is suggested as a potential security measure to change the phone number associated with an Apple ID to a VoIP number to protect against phishing attacks.

💡email alias

An email alias is an additional email address that is linked to a primary email account, allowing users to manage multiple email addresses from one inbox. In the context of the video, creating email aliases can enhance security by allowing users to create unique email addresses for different purposes without revealing their primary email address.

💡online security

Online security refers to the measures taken to protect digital systems and personal information from unauthorized access, theft, or damage. In the video, the importance of online security is emphasized as a crucial aspect of protecting oneself from phishing attacks and maintaining the integrity of one's digital presence.

💡public figures

Public figures are individuals who are widely recognized and have a high profile in society, often due to their profession, achievements, or involvement in significant events. In the context of the video, public figures are considered to be at a higher risk of phishing attacks, especially if they are involved in areas like cryptocurrency or hedge funds, where the potential financial gain for attackers is significant.

Highlights

A new phishing attack is targeting Apple users, exploiting a bug on Apple's end.

The attack, known as multiactor bombing, overwhelms the target with numerous authentication requests.

Scammers use a spoofed caller ID displaying Apple's real customer support number to trick users.

Victims are coerced into sharing a one-time code, allowing attackers to reset passwords and lock users out of their accounts.

A user reported being targeted even after changing their iPhone, email, and iCloud account.

Despite using Apple's security key for recovery, users are still vulnerable to this advanced phishing technique.

Cryptocurrency hedge fund owners are particularly at risk due to the value of their assets.

Attackers use the 'forgot Apple ID password' page to trigger the notification attack, bypassing rate limits.

The vulnerability lies in the ability to send alerts without being detected through mass request attempts.

Users are advised to remove personal information from people search websites to protect themselves.

Apple's password reset system accepts email aliases, allowing users to create unique addresses tied to one account.

Changing the account phone number to a VoIP number can offer additional protection, though with some service limitations.

Using a unique email address for Apple services can prevent inclusion in database leaks.

Apple support will rarely initiate outbound calls unless specifically requested by the customer.

Users should verify the legitimacy of calls claiming to be from Apple support by looking up the official number and calling back.

This phishing attack is particularly dangerous and evolving, affecting a broad range of potential targets.

Public figures involved in cryptocurrency are especially at risk due to the high value of their accounts.

Anyone with freely available information on people search websites or included in a database leak could be targeted.

Online security is crucial for everyone, and this phishing attack serves as a reminder to take precautions seriously.

Transcripts

00:00

this is a warning to anybody with an

00:02

Apple device because there is a new

00:04

fishing attack that is running rampant

00:06

right now that is hijacking Apple

00:08

accounts left and right and it's all

00:11

done via a bug on Apple's end so let's

00:14

discuss what this bug is how it actually

00:16

works and what you can do to protect

00:18

yourself so first off what exactly is

00:21

happening here and how is this any

00:22

different from all the previous fishing

00:24

attacks we've seen in the past that

00:26

Target Apple users so first off this

00:28

attack is known as a multiactor bombing

00:31

attack the idea is to overwhelm the

00:33

target with so many authentication

00:34

requests that they eventually accept one

00:37

mistakenly or because they want the

00:39

notifications to stop and the tricky

00:41

part about this is that when you're

00:42

under attack these alerts that you're

00:44

getting these popups that you're getting

00:46

are legitimate alerts from Apple and

00:48

like I said so far this is not new we've

00:50

seen this before however this has

00:53

evolved and we just started learning

00:55

about how this has evolved because of

00:57

this when you're under attack the

00:58

scammers are going to call you you with

01:00

a spoofed caller ID that shows Apple

01:03

support and it'll show Apple's real

01:06

customer support phone number and

01:07

they're going to say that your account

01:08

is under attack and that Apple support

01:10

needs to verify the one-time code that

01:13

you were sent and if you were to give

01:15

them this code the attackers can then

01:17

reset the password on your account and

01:19

lock you out and they can also remotely

01:21

wipe all of your Apple devices there's a

01:23

user on X who recently reported his

01:26

encounter with this attack saying this

01:29

because these are app Apple system level

01:30

alerts they prevent me from using my

01:32

phone watch or laptop until I clicked

01:35

don't allow on 100 plus notifications

01:39

and then when that fake Apple support

01:40

number called him he said that he was

01:42

obviously still on guard so he asked

01:44

them to validate a ton of personal

01:46

information and they got a lot right

01:48

including the date of birth email phone

01:51

number and current and previous

01:53

addresses in another instance an

01:54

individual reported that the push

01:56

notifications were continuing even after

01:59

he swapped his old iPhone for a new

02:01

iPhone changed his email address and

02:04

created a brand new iCloud account he

02:06

was still under attack even after going

02:08

through all that and yet another victim

02:10

received the password reset requests

02:12

even after enabling a recovery key for

02:15

their apple at the request of an Apple

02:17

support engineer and Apple has come out

02:19

and said that you know enabling this

02:21

security key is going to help you keep

02:22

your device secure but as we can see

02:25

from this new and improved fishing

02:26

attack even that is not going to stop

02:28

these people and then last Chris who is

02:30

a cryptocurrency hedge fund owner

02:32

experienced a similar fishing attack in

02:34

late February he said that the First

02:36

Alert I got I hit don't allow but then

02:39

right after that I got like 30 more

02:41

notifications in a row Chris says the

02:43

attackers persisted hitting his devices

02:45

with the reset notifications for several

02:48

days after that and at one point he

02:50

received a call on his iPhone that said

02:52

it was from Apple support but

02:54

fortunately he did the correct thing

02:55

here by hanging up and calling back

02:57

Apple supports himself and when he

02:59

called the the real Apple they couldn't

03:01

say whether or not anybody had been in a

03:02

support call with him I guess that's

03:04

their security measure but he said that

03:06

Apple States very clearly that it will

03:08

never initiate outbound calls to

03:10

customers unless the customer requests

03:12

to be contacted Okay so we've heard

03:14

multiple reports now of this happening

03:15

we know it's running rampid right now

03:17

and it's really just starting here in

03:18

2024 from what we've seen so what is

03:21

actually going on here how is this even

03:23

happening so according to Krabs on

03:25

security attackers appear to be using

03:27

the forgot Apple ID password page to Tri

03:29

trigger the notification attack and this

03:32

page requires either your Apple ID email

03:34

or the phone number associated with your

03:36

Apple ID account and when you put in an

03:38

email address the page shows the last

03:40

two digits of the phone number that's

03:42

associated with that Apple ID and when

03:44

you fill in the missing digits and hit

03:46

submit the alerts get sent but the odd

03:48

thing here is that this page has a

03:51

capture to prevent any type of mass

03:54

requests but that's what the

03:56

vulnerability seems to be here because

03:58

it looks like these people have somehow

04:00

found a way to bypass the capture rate

04:03

limit according to security researcher

04:05

Matt Johansson and previous MFA bombing

04:08

the attacker would have compromised the

04:10

user's password either via fishing or

04:12

data leak and then used it many times

04:14

until the user confirmed the MFA push

04:17

notification but in this attack all the

04:19

hacker has is the user's phone number or

04:22

email address that's associated with an

04:24

iCloud account and they're taking

04:25

advantage of the forgot password flow

04:28

prompting on the user's Trust usted

04:30

device to allow the password reset to go

04:32

through and then when they get the call

04:33

from the legitimate Apple number and the

04:36

person on the phone is saying they're

04:37

here to help they're here to you know

04:39

erase all those notifications off your

04:40

device they just need that onetime code

04:43

a lot of users are probably going to

04:44

hand that over because again they're

04:46

overwhelmed they just want it to end and

04:47

it showed a verified Apple support

04:49

number calling so this security

04:51

researcher says I'm guessing this is a

04:53

very high success rate tactic so as you

04:55

can tell this fishing attack just

04:57

continues to evolve and this is just the

04:59

latest iteration of this so now with all

05:02

that being said now that you know how it

05:03

works and now that you know you know

05:05

stories of people who this has happened

05:06

to how can you protect yourself so that

05:09

you are not a victim well the number one

05:11

thing is that these attackers appear to

05:13

be scraping people search websites for

05:16

information such as your name your

05:18

address your phone number and all of

05:19

that so the first step to protecting

05:21

yourself is to remove your information

05:23

from these websites now there's a site

05:26

I'm going to link down in the

05:26

description below that shows you how to

05:29

go in and manually opt out of all of

05:31

these different people search websites

05:33

that's something you should do just for

05:34

your own privacy Even This fishing

05:36

attack aside that's something you need

05:38

to do just for your own privacy being on

05:40

the internet in general now another

05:42

thing you can do is something that Krebs

05:44

pointed out and he says that Apple's

05:45

password reset system will also accept

05:48

email aliases so if you add a plus

05:51

character after the username portion of

05:53

your email address it will let you

05:54

create an infinite number of unique

05:56

email addresses tied to the same account

05:59

and they also suggested that you can

06:01

change the phone number associated with

06:03

your account to a VoIP number such as

06:05

one from Skype or Google Voice however

06:08

this is going to disable iMessage and

06:10

FaceTime so if you're okay with having

06:12

those disabled you know especially if

06:14

you're a public figure anything related

06:16

to crypto or anything like that where

06:18

you're a major major Target that could

06:20

be worth it and something else that I've

06:21

learned just from personal experience is

06:23

to use an email address that you do not

06:26

use anywhere else online use that as

06:28

your Apple

06:30

email address that way there's no way

06:31

it's going to be included in any type of

06:33

database leak or anything like that so

06:36

that's another one a big one that I

06:37

would recommend and then lastly just

06:39

know that Apple support will almost

06:41

never call you unless you reached out to

06:43

them and told them that you want them to

06:45

contact you if you get a phone call or a

06:48

text message or anything that claims

06:50

it's from Apple support and you did not

06:51

request that just deny it it is not

06:54

apple and if you suspect that it might

06:56

be legitimate just don't answer for the

06:58

time being and then just Google what the

06:59

Apple support phone number is and call

07:01

that number yourself so I just wanted to

07:03

get on here today and inform you of the

07:05

new multiactor bombing attack that's

07:07

going on right now for iPhone users and

07:10

really anybody with an Apple ID account

07:12

you are potentially at risk with this

07:15

now like I said like I alluded to

07:16

earlier those who are public figures

07:19

obviously are going to be the ones most

07:20

at risk especially if you're involved

07:22

with any type of crypto or hedge fund or

07:24

anything like that you always have the

07:26

biggest Target on your back but

07:28

realistically this could Target anybody

07:30

who has their information just freely

07:32

out there on people search websites or

07:34

when their passwords were included in a

07:36

database leak you just need to take your

07:37

online security seriously because this

07:40

could really impact anybody so I hope

07:42

you found this video helpful if you did

07:43

I would appreciate if you gave it a

07:44

thumbs up also be sure to share this

07:46

video around to your friends especially

07:48

those who might be a bit older and don't

07:50

really understand security and just

07:52

keeping your yourself secure online this

07:54

video could help them also make sure to

07:56

sign up to my newsletter that is linked

07:58

down in the description below I will be

08:00

doing a written format of this video in

08:02

that newsletter that goes out tomorrow

08:04

but anyways guys thanks for watching and

08:06

I'll see you soon

Rate This

5.0 / 5 (0 votes)

関連タグ
CyberSecurityApplePhishingUserProtectionScamAlertOnlineSafetyTechThreatsPrivacyTipsAccountSecurityDigitalIdentityCyberAttack
日本語の要約は必要ですか?