A new phishing attack on the iPhone is underway. In a new way, hackers are trying to penetrate your Apple ecosystem.
Criminals are trying to break into your smartphone in the most original ways. This time it’s iPhone users’ turn with a new phishing method.
If the hackers succeed, you can be locked out of every Apple device you own. So not only your iPhone, but also your iPad and MacBook.
Hackers try to hack your iPhone in devious way
To be precise, hackers are trying to break into your Apple ID through the iPhone. They do this through MFA bombardment, where you constantly get requests to set up two-step verification through your iPhone. The screen then asks you to allow or deny this, reports KrebsonSecurity.
This is bogus, however, and if you select “allow,” the hacker can change the Apple ID password, preventing you from accessing it. You don’t just use your Apple ID on your iPhone, which also locks you out on things like your iPad and MacBook.
Hacker then… (Image: Nahel Abdul Hadi)
That makes the attack particularly powerful, because all at once you can no longer access files that are on another device either. So you lose everything, including documents on your iCloud, which is also linked to your Apple ID.
Here’s how they go about it
The attack is well constructed because the hackers exploit a bug. For example, if you press “decline,” the request for two-step verification keeps coming back, at some point causing you to consent out of fatigue or accidentally.
The hackers tried to strike at American Parth Patel. On X, he says he had to ignore more than 100 such messages. It didn’t end there, by the way. Hackers then tried to call him, posing as Apple employees.
This, too, went ingeniously. On the screen of his iPhone, it looked like Apple was calling, as they used a fake caller ID. On the phone, they asked for a one-time password. Much of the information the hackers got from a leaked People Data Labs database allowed them to scoop up many facts. Fortunately for Patel, his information was wrong in it, so he saw through the hackers.
Twitter is not loading because you did not give permission.
Last night, I was targeted for a sophisticated phishing attack on my Apple ID.
This was a high effort concentrated attempt at me.
Other founders are being targeted by the same group/attack, so I’m sharing what happened for visibility.
Here’s how it went down:
– Parth (@parth220_) March 23, 2024
They are trying to use that password to log into a page for Apple ID users who have forgotten their password. They are trying to access your Apple account that you also use for your iPhone via a reset request and your credentials.
Stay tuned
It just goes to show how much effort hackers put into breaking into an account. This way they can use your data, or ask for money to give you access to your account again. In this case it happened in the United States, but this could just as easily happen in the Netherlands.
Listen to Freakin’ Nerds
Every week we take an even deeper look at tech, pop culture and lifestyle in our podcast Freakin’ Nerds. With this week:
Hyundai Ioniq 5 N: the most fun electric car of the moment
Call of Duty: Warzone Mobile
The possible arrival of the Samsung Galaxy Z Fold 6 FE
So if you get an odd request for two-step verification or use of a certain iPhone app, don’t just click “allow.” An Apple employee will never call you anyway, much less ask you for a password. So never give your account password on the phone, the same goes for a bank or other business, for example.
