A series of targeted attacks designed to hijack iCloud accounts by doing something that causes the user’s device to be inundated with One Time Password requests is apparently making the rounds. The key word is targeted as at the moment it appears that only specific individuals are being targeted with this attack.
The attack goes something like this:
- You are flooded by password change requests on your various iDevices. The logic by the threat actors is that if they send enough requests, the target might eventually click yes either by accident or because you want to make the prompts stop.
- If that doesn’t work, the target will get a phone call from “Apple Support” which isn’t really Apple Support. But they will spoof the actual Apple Tech Support number to pretend to be Apple Support.
- “Apple Support” will then use open source intelligence to present you with information that they are trying to “validate” and then proceed to talk you into accepting a One Time Password request or giving them the One Time Password code. If you do that you’ll have your Apple iCloud account taken over.
One person who was targeted by this attack posted his experience on Twitter. I encourage you to click below to read the whole episode:
To be clear. Apple would never behave in this manner. They would never call you, nor would they ever ask you to hand over a One Time Password code. Or put another way, you should never give anyone that code. EVER. Thus every Apple user needs to be on guard for this attack as today it might be a highly targeted attack. But in the future it could broaden out to anyone which makes it highly dangerous. In the meantime, I wonder what if anything that Apple could do about it. They can’t do anything about a spoofed number, but the attack vector has to be something that perhaps they can do something about.
Related
This entry was posted on March 25, 2024 at 8:28 am and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Someone Is Targeting Apple iCloud Users With A High Effort Attack To Take Over Apple iCloud Accounts
A series of targeted attacks designed to hijack iCloud accounts by doing something that causes the user’s device to be inundated with One Time Password requests is apparently making the rounds. The key word is targeted as at the moment it appears that only specific individuals are being targeted with this attack.
The attack goes something like this:
One person who was targeted by this attack posted his experience on Twitter. I encourage you to click below to read the whole episode:
To be clear. Apple would never behave in this manner. They would never call you, nor would they ever ask you to hand over a One Time Password code. Or put another way, you should never give anyone that code. EVER. Thus every Apple user needs to be on guard for this attack as today it might be a highly targeted attack. But in the future it could broaden out to anyone which makes it highly dangerous. In the meantime, I wonder what if anything that Apple could do about it. They can’t do anything about a spoofed number, but the attack vector has to be something that perhaps they can do something about.
Share this:
Like this:
Related
This entry was posted on March 25, 2024 at 8:28 am and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.