What is MFA bombing? Apple users were targeted using this phishing technique
Elderberry:
Security Brief By Stephen Kho 6/7/2024
Some Apple users have reported phishing attacks using the password reset feature.
You notice a system prompt on your iPhone about your password. You click “Don’t allow”. Then it happens again and again, one after the other. At some point, you might get annoyed or start to panic and click “Allow”.
Then, you get a phone call from an “Apple rep” to help you reset your password, but when they confirm your information, you notice that they got your name wrong. That’s exactly what happened to one man who was lucky enough to notice the charade before it was too late.
If he hadn’t figured out something was off, he would’ve been locked out of his account while the attackers got to all his personal information. This is the goal of this new mode of phishing attack called MFA bombing or push bombing.
What is MFA bombing?
MFA bombing, or push bombing, is a new phishing technique that reveals a sophisticated evolution in tactics. It exploits both technological vulnerabilities and human psychology.
The attackers bomb the system with prompts, flooding the user’s device until they feel “notification fatigue”. Once overwhelmed, the victim is more likely to mistakenly approve a malicious request.
How does it affect Apple users?
Following the burst of prompts, the user receives a phone call from someone claiming to be from Apple Support. The phone number displayed may be spoofed to appear as Apple’s official support number, adding a layer of perceived legitimacy to the call.
More: https://securitybrief.co.nz/story/what-is-mfa-bombing-apple-users-were-targeted-using-this-phishing-technique
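
The pattern described above (a burst of prompts that ends in an approval) can be flagged on the defender's side. The following is an added example, not part of the original post or the Security Brief article; the event format, the `detect_push_bombing` name and the thresholds are assumptions, standing in for whatever MFA prompt log an identity provider exposes.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, account, user response).
SAMPLE_EVENTS = [
    ("2024-06-07T08:00:00", "carol", "deny"),   # carol: prompts spread over hours
    ("2024-06-07T08:40:00", "carol", "deny"),
    ("2024-06-07T09:20:00", "carol", "deny"),
    ("2024-06-07T09:00:05", "alice", "deny"),   # alice: rapid burst of prompts...
    ("2024-06-07T09:00:20", "alice", "deny"),
    ("2024-06-07T09:00:41", "alice", "deny"),
    ("2024-06-07T09:01:02", "alice", "deny"),
    ("2024-06-07T09:01:15", "alice", "deny"),
    ("2024-06-07T09:01:30", "alice", "deny"),
    ("2024-06-07T09:01:52", "alice", "allow"),  # ...ending in a fatigued "Allow"
    ("2024-06-07T09:30:00", "bob", "allow"),    # bob: single ordinary approval
]

def detect_push_bombing(events, window=timedelta(minutes=10), min_prompts=5):
    """Flag accounts that get >= min_prompts prompts inside a sliding window.

    Emits one "flood" alert when a burst starts and an "approved_after_flood"
    alert for any approval that arrives while the burst is still in the window.
    Each alert is (account, timestamp, kind, prompts_in_window).
    """
    recent = defaultdict(deque)   # account -> prompt times still inside the window
    flooding = set()              # accounts already alerted for the current burst
    alerts = []
    for ts, account, response in sorted(events):  # ISO timestamps sort as strings
        now = datetime.fromisoformat(ts)
        prompts = recent[account]
        prompts.append(now)
        while now - prompts[0] > window:          # drop prompts that aged out
            prompts.popleft()
        if len(prompts) < min_prompts:
            flooding.discard(account)             # burst over; re-arm the alert
            continue
        if response == "allow":
            # Highest-risk case: approval given in the middle of a flood.
            alerts.append((account, ts, "approved_after_flood", len(prompts)))
        elif account not in flooding:
            alerts.append((account, ts, "flood", len(prompts)))
        flooding.add(account)
    return alerts

if __name__ == "__main__":
    for alert in detect_push_bombing(SAMPLE_EVENTS):
        print(alert)
```

An "approved_after_flood" alert is the case worth acting on immediately, for example by revoking the session that approval created and contacting the user through a known-good channel.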