• Phishing Attack Method: Hackers are exploiting Apple’s password-reset function to send multiple notifications to victims’ iPhones. They follow up with a phone call pretending to be Apple support to gain trust and access to Apple accounts.
• Victim Experience: Victims receive a barrage of password-reset notifications, which prevents them from using their devices until they dismiss each alert. The attackers then contact the victims, spoofing Apple’s official support number.
• Security Implications: The incident suggests a potential software bug in Apple’s password-reset function that allows attackers to bypass CAPTCHA checks and spam users with notifications. This raises concerns about the security of Apple’s password reset process and user accounts.

The emphasizes the importance of being vigilant against such phishing attempts and not providing sensitive information over the phone to unsolicited callers, even if they appear to be from legitimate sources. It also highlights the need for companies like Apple to address potential vulnerabilities that can be exploited by cybercriminals.

References: pcmag.com