How a flaw in iPhone’s security could leave you locked out

Join Fox News for access to this content

Plus special access to select articles and other premium content with your account – free of charge.

Please enter a valid email address.

By entering your email and pushing continue, you are agreeing to Fox News’ Terms of Use and Privacy Policy, which includes our Notice of Financial Incentive. To access the content, check your email and follow the instructions provided.

Having trouble? Click here.

There’s a common misconception that Apple products come with more security than Android. 

Whatever side of the argument you’re on, don’t let that idea prevent you from keeping your guard up. 

There’s a new scam out there targeting iPhone users, and if you’re unprepared, you might find yourself permanently locked out.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

What is the ‘push bombing/MFA fatigue’ scam?

If you suddenly see a “Reset Password” notification on your iPhone screen that only gives you the option to “Allow” or “Don’t Allow,” you may be a victim of this latest “push bombing” scam. Scammers have supposedly found a way to exploit this new bug in Apple. Though, it’s not totally clear if the bug is the reason.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

If you see this notification, and you hit “Don’t Allow” (as you should), it only prompts more of these notifications to pop up, like those annoying pop-up window attacks that we used to get back in the day. As you frantically click “Don’t Allow” over and over again, your finger could accidentally slip, clicking “Allow.”

If you do click “Allow,” scammers will be given access to your iPhone account, and you can be permanently locked out of your phone.

MORE: HOW TO UPDATE YOUR PASSCODE ON YOUR IPHONE  

Warnings if you’re in the Apple ecosystem

This scam isn’t just stopping at your iPhone. If you’re dedicated to the Apple ecosystem, then it’s important to note that users reported experiencing this scam on their other Apple devices, including the Apple Watch.

Not only this, but one user reported that after clicking “Don’t Allow” over and over again and the notifications eventually going away, the scammers actually called his iPhone in another attempt to catch him. Generally, Apple Support won’t call you out of nowhere.

MORE: HOW TO PROTECT YOUR IPHONE CALENDAR FROM DISTRACTING SPAM INVITATIONS

Apple’s response to the ‘reset password’ notification scam

“We are aware of reports that a small number of iPhone users are receiving a high volume of alerts asking if they are attempting to reset their password and have taken steps to address the reported issue,” a spokesperson for the company said.

How to outsmart this scam and protect yourself

If you do happen to be targeted by this attack, it’s of the utmost importance that you don’t tap “Allow” on any of these password reset notifications. Dismissing them one after the next will take a while, but they will go away.

If you give up and click “Allow,” it will give the hackers behind this campaign complete control over your Apple account. So don’t click “Allow” whatever you do. If you need help, you can always reach out to Apple by logging on here.

MORE: 8 WAYS TO LOCK UP YOUR IPHONE’S PRIVATE STUFF

What to do if the prompts persist? 

If the prompts persist, temporarily change your phone number associated with your Apple ID. Keep in mind that this may affect iMessage and FaceTime functionality.

Watch out for scammers posing as Apple Support

If you manage to eliminate the notifications and then get a call from someone claiming to be from Apple Support, it’s likely the scammers. Just hang up. Whatever you do, don’t give any information to them. If you gave out any personal information like a Social Security number, follow the steps at IdentityTheft.gov. You’ll be able to make a report there, and the website will help come up with a recovery plan for you and walk you through each step of gaining your identity back. You can also call Apple directly at 800-275-2273 (in the U.S.) to verify any communication.

AI WORM EXPOSES SECURITY FLAWS IN AI TOOLS LIKE CHATGPT

Reporting scam phone calls 

You can report scam phone calls to the Federal Trade Commission at reportfraud.ftc.gov or to your local law enforcement agency.

Is turning on ‘Apple Recovery Key’ a solution?

According to Krebs on Security, real Apple Support suggests turning on Apple Recovery Key to avoid the notifications, but when one of the victims tried it, it did not stop them. 

Stay tuned at Apple Support’s page for updates.

Safeguarding your Apple account 

When setting up an Apple account, it’s common knowledge that a phone number is required. However, once the account is established, this phone number doesn’t necessarily have to be a mobile one. Apple accepts VOIP numbers (such as Google Voice) as valid alternatives. Therefore, one potential mitigation strategy is to change your account phone number to a lesser-known VOIP number.

Important Note: If you opt for a VOIP number, be aware that Apple’s iMessage and FaceTime applications will be disabled for that device unless you also include a real mobile number. 

Additionally, Apple’s password reset system accommodates email aliases. By appending a “+” character after the username portion of your email address and adding a site-specific notation (e.g., [email protected]), you can create an unlimited number of unique email addresses associated with the same account. This technique allows for better organization and tracking of incoming emails.

Tip: When choosing an alias, consider using something less obvious than “+apple” to enhance security and privacy.

Kurt’s key takeaways

Security is a never-ending game of cat and mouse, and no device is ever truly invincible. Apple’s on the case, but until a fix is here, vigilance is key. If you are bombarded with “Reset Password” prompts, stay calm, resist clicking ‘Allow’ at all costs and patiently dismiss each notification. Also, be sure to stay updated on Apple’s progress for a permanent solution. By following these steps, you can outsmart this scam and keep your Apple ecosystem safe.

CLICK HERE TO GET THE FOX NEWS APP

Do you think companies like Apple should be held more accountable for security vulnerabilities? Why or why not? Let us know by writing us atCyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Answers to the most asked CyberGuy questions:

What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked?What is the best way to stay private, secure and anonymous while browsing the web?How can I get rid of robocalls with apps and data removal services?

Copyright 2024 CyberGuy.com.  All rights reserved.