New phishing campaign targeting Apple ID accounts: how to protect yourself from attacks?

Phishing Campaign Targeting Apple ID Using “Push Bombing” and Caller ID Spoofing

Lately, technology professionals, including startup founders and cybersecurity experts, have become the target of a new phishing campaign aimed at Apple ID accounts. The attacks leverage techniques such as “push bombing” and caller ID spoofing, posing a threat to user data security.

Attack Description on a Startup Founder

One of the targeted professionals, Parth Patel, a software engineer and co-founder of a stealth tech startup, publicly described an attack on the X platform. Patel and other startup founders were bombarded with “push” notifications on their Apple devices, prompting them to reset their Apple ID password.

Patel witnessed over 100 consecutive notifications and then received a call from someone impersonating genuine Apple support, requesting the victim to divulge a one-time passcode sent to their phone.

Data Threat and Attack Consequences

The impacts of a successful attack can be severe, allowing the attacker to take over iCloud accounts, gain access to sensitive information, and remotely wipe data from devices. Even vigilant individuals can fall victim, and attackers may persist in “push” bombardment despite mitigation efforts.

Apple’s Response and User Recommendations

Apple has not confirmed conducting an investigation into the attacks. It is advisable to avoid suspicious calls and report any questionable activities. It’s essential to remember that Apple never asks users to disclose passwords or codes for technical support purposes.

In conclusion: Phishing attacks targeting Apple ID pose a serious threat to users. It is crucial to remain vigilant and refrain from sharing confidential information with third parties.