Warning: Apple Users Targeted in Phishing Attack Involving Rapid Password Reset Requests

by

Phishing attacks taking advantage of Apple's password reset feature have become increasingly common, according to a report from KrebsOnSecurity. Multiple Apple users have been targeted in an attack that bombards them with an endless stream of notifications or multi-factor authentication (MFA) messages in an attempt to cause panic so they'll respond favorably to social engineering.

reset password request iphone
An attacker is able to cause the target's iPhone, Apple Watch, or Mac to display system-level password change approval texts over and over again. Because the password requests target the Apple ID, they pop up on all of a user's devices. The notifications render all linked Apple products unable to be used until the popups are dismissed one by one on each device. Twitter user Parth Patel recently shared his experience being targeted with the attack, and he says he could not use his devices until he clicked on "Don't Allow" for more than 100 notifications.

The actual popup can't be used to gain access to an Apple device, and it serves as a front for attackers to incite fear in the target. Following the flood of notifications, the attacker calls using a spoofed number that makes it appear to be coming from Apple. On these calls, the attacker confirms that the victim's account is under attack, and that sensitive information is needed to put a stop to it. It appears that the attacker is after a one-time code to confirm a password reset or login attempt.

In Patel's case, the attacker was using information leaked from a people search website, which included name, current address, past address, and phone number, giving the person attempting to access his account ample information to work from. The attacker happened to have his name wrong, and he also became suspicious because he was asked for a one-time code that Apple explicitly sends with a message confirming that Apple does not ask for those codes.

The attack hinges on the perpetrator having access to the email address and phone number associated with an ‌Apple ID‌ at a minimum, and given the description of what's been happening, it is likely that bad actors also had access to the victim's ‌Apple ID‌ password from database leaks and other means. One-time codes are most often triggered as secondary security, so the attacker sends the notification spam, calls the target to "save" them from the attack, logs in to the ‌Apple ID‌ with the stolen information and password, and triggers the one-time code. If the target hands over the code at this point, the attacker will have full access to the ‌Apple ID‌.

KrebsOnSecurity looked into the issue, and found that attackers appear to be using Apple's page for a forgotten ‌Apple ID‌ password to send the notification spam. This page requires a user's ‌Apple ID‌ email or phone number, and it has a CAPTCHA. When an email address is put in, the page displays the last two digits of the phone number associated with the Apple account, and filing in the missing digits and hitting submit sends a system alert.

It is not clear how the attackers are abusing the system to send multiple messages to Apple users, but it appears to be a bug that is being exploited. It is unlikely that Apple's system is meant to be able to be used to send more than 100 requests, so presumably the rate limit is being bypassed.

Apple device owners targeted by this attack should remain calm and make sure not to provide sensitive information to someone who calls, even if the phone call appears to be coming from Apple. Spoofing a phone number is a simple thing to do, so the best course of action is to hang up and call Apple support directly. There is never a situation where a one-time code should be shared with another person, and Apple will never ask for a code.

Update: This article has been updated to clarify how the attack works. The prior version suggested that an ‌Apple ID‌ could be accessed should someone press "Allow" on one of the password request popups, but that is inaccurate. This is a complicated, multi-step attack that requires social engineering, but the password reset spam is a component that Apple will hopefully address in a future update.

Popular Stories

iOS 18

Apple Says iOS 18.4 Will Be Released in April With These New Features

Wednesday February 26, 2025 7:15 am PST by
In a recent press release, Apple confirmed that iOS 18.4 will be released in April. From the Apple News+ Food announcement:Coming with iOS 18.4 and iPadOS 18.4 in April, Apple News+ subscribers will have access to Apple News+ Food, a new section that will feature tens of thousands of recipes — as well as stories about restaurants, healthy eating, kitchen essentials, and more — from the...
Read Full Article43 comments
Generic iPhone 17 Feature With Full Width Dynamic Island

Latest iPhone 17 Series CAD Images in Line With Redesign Rumors

Friday February 28, 2025 2:51 am PST by
Apple is expected to embrace a new camera system design for some models in its upcoming iPhone 17 series, and the latest purported CAD images don't deviate from what we have been hearing lately about Apple's new lineup. If you do not like the sound of an iPhone with a Google Pixel-style camera bar, look away now. Seasoned leaker Sonny Dickson shared the following images in a post on X...
Read Full Article102 comments
iphone 16e usb c feature

Apple Provides Reason for iPhone 16e's Lack of MagSafe

Friday February 28, 2025 4:39 am PST by
Apple has offered a reason why the iPhone 16e doesn't include MagSafe, one of the more notable omissions from its latest entry-level smartphone. According to Apple representatives who spoke to Daring Fireball's John Gruber, MagSafe is not included in the iPhone 16e because "most people in the iPhone 16e's target audience exclusively charge their phones by plugging them into a charging...
Read Full Article345 comments
apple intelligence black

These New Apple Intelligence Features Are Coming in iOS 18.4

Friday February 28, 2025 3:17 pm PST by
iOS 18.4 was supposed to bring new Apple Intelligence Siri features, but Apple ended up needing to pull those capabilities from the update to continue testing. There are fewer new Apple Intelligence additions now, but there are still some new features that will make the update worth installing when it comes out in April. Priority Notifications Apple introduced Priority Notifications back at ...
Read Full Article69 comments
Generic iOS 19 Feature Mock Light

iOS 19 Rumored to Include These New Features for Your iPhone

Saturday March 1, 2025 11:00 am PST by
iOS 19 is still around three months away from being unveiled, but there are plenty of rumors about the upcoming update. Below, we recap iOS 19 rumors so far. Redesigned Camera App A leak earlier this year allegedly revealed a redesigned Camera app coming with iOS 19. On his YouTube channel Front Page Tech in January, Jon Prosser shared a video showing what the new Camera app will...
Read Full Article104 comments
cook trump

Trump Responds to Apple Keeping Diversity Policies

Wednesday February 26, 2025 6:32 am PST by
In an all-caps post on Truth Social today, U.S. President Donald Trump said Apple should fully end its diversity, equity, and inclusion (DEI) policies. Tim Cook meeting with President Trump in 2017 "APPLE SHOULD GET RID OF DEI RULES, NOT JUST MAKE ADJUSTMENTS TO THEM," he wrote. Trump's post comes one day after Apple held its annual shareholders meeting, during which a majority of...
Read Full Article478 comments
apple watch ultra snow

6 Features Coming to the Apple Watch Ultra 3

Tuesday February 25, 2025 9:00 am PST by
The Apple Watch Ultra 3 is expected to launch later this year, arriving two years after the previous model with a series of improvements. While no noticeable design changes are expected for the third generation since the company tends to stick with the same Apple Watch design through three generations before changing it, there are a series of internal upgrades on the way. By the time the ...
Read Full Article194 comments
airpods pro purple

Here's When AirPods Pro 3 Are Rumored to Launch

Monday February 24, 2025 9:14 am PST by
According to a post on X today from a leaker known as Kosutami, Apple plans to launch AirPods Pro 3 in May or June this year. The leaker also claimed that an AirTag 2 will launch around the same time. Kosutami is best known as a collector of prototype Apple hardware, but they have occasionally shared accurate information about Apple's future product plans. For example, they accurately...
Read Full Article
apple c1

How Fast is Apple's First-Ever 5G Modem? The Results Are Surprising

Friday February 28, 2025 10:08 am PST by
iPhone 16e reviews are now out, and Apple's custom-designed C1 modem has been put to the test. The results so far are quite surprising, as the C1's speeds are not as slow compared to Qualcomm modems as originally expected. While the C1 does not support ultra-fast mmWave 5G in the U.S., it appears to offer comparable 5G performance to Qualcomm's Snapdragon X71 modem found in the iPhone 16,...
Read Full Article143 comments

Top Rated Comments

checker2010 Avatar
checker2010
12 months ago

iCloud Lock was the worst thing Apple has done to the iPhone. Some people legit get permanently locked out of their own phones because of it.
Activation lock is a fantastic feature. I’d recommend everyone have it enabled.
Score: 50 Votes (Like | Disagree)
Realityck Avatar
Realityck
12 months ago

When attackers are unable to get the person to click "Allow" on the password change notification, targets often get phone calls that seem to be coming from Apple. On these calls, the attacker claims to know that the victim is under attack, and attempts to get the one-time password that is sent to a user's phone number when attempting a password change.
Never trust a company to call you out of the blue! Just tell them you are hanging up and contacting that company directly.
Score: 42 Votes (Like | Disagree)
vegetassj4 Avatar
vegetassj4
12 months ago
Thank my lucky stars Apple Security warned me before this exploit was used:



Attachment Image
Score: 34 Votes (Like | Disagree)
boswald Avatar
boswald
12 months ago
Oh, good grief. What a nasty attack. I will definitely make my family aware of this!
Score: 28 Votes (Like | Disagree)
whsbuss Avatar
whsbuss
12 months ago
And the DOJ and EU keep tearing down the Apple ecosystem. What insanity
Score: 28 Votes (Like | Disagree)
antiprotest Avatar
antiprotest
12 months ago

Oh, good grief. What a nasty attack. I will definitely make my family aware of this!
I wonder if it is something that can be fixed or limited on Apple's side. Sounds like it. They should do it TODAY.
Score: 22 Votes (Like | Disagree)
Read All Comments