Beware of MFA Bombing: A New Phishing Attack Targeting Apple Users

Apple users are increasingly facing a new type of phishing attack known as “MFA Bombing,” which exploits a combination of user impatience and a bug in Apple’s password reset system. Phishing attacks typically trick users into providing sensitive information or granting access to their accounts through deceptive messages. In the case of MFA Bombing, attackers bombard victims with fake “Reset Password” notifications, appearing to come from Apple, to trick users into allowing the password reset, thereby giving the attacker access to the account.

The attack begins with victims receiving multiple “Reset Password” notifications on their Apple devices, such as iPhones, Macs, iPads, or Apple Watches. These notifications contain the text “Use this iPhone to reset your Apple ID password,” along with options to allow or reject the request. While the initial notification is legitimate and serves as a form of multi-factor authentication, the attack relies on overwhelming the user with a large number of notifications. The hope is that the user will either mistakenly select “Allow” instead of “Don’t Allow” due to the sheer volume of notifications or will be coerced into selecting “Allow” to stop the notifications.

If the notification bombardment does not succeed, attackers may resort to a second phase involving phone calls. Using spoofed caller IDs to make it appear as though they are calling from Apple Support, attackers may contact victims and attempt to extract additional information under the guise of verifying their account details. This can include asking for a one-time password sent to the victim’s device, which, if provided, allows the attacker to reset the account password and gain access.

To protect against MFA Bombing and similar attacks, Apple users should remain vigilant and always select “Don’t Allow” when prompted with suspicious password reset notifications. If contacted by someone claiming to be from Apple Support, users should verify the caller’s identity by calling back using the official Apple support number. Additionally, enabling the Apple Recovery Key can provide an added layer of security, as it prevents an attacker from using the standard account recovery process. However, users should keep the Recovery Key secure and not share it with anyone, as doing so is a crucial step in protecting their account from unauthorized access.

Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on providing the latest information regarding the innovations happening in the IT world. She likes reading, photography, travelling and exploring nature.
