Recently, many iPhone users reported being targeted by attackers using Apple’s number. The attacks force Apple devices to display several system-level prompts. Users respond with “Allow” or “Don’t Allow” to each prompt before they get access to their devices.
Phishing attacks are when hackers send fake messages or emails that appear legitimate, and they’re ever-increasing. These messages and attacks aim to steal sensitive data from the victims or install malware on their devices. While most phishing attacks are easy to identify, the recent attacks on iPhone users are dangerous as reports state the attackers were using Apple’s number.
Attackers call users using Apple’s number
From the looks of it, the hackers are attempting to use a glitch in the Apple password mechanism to their advantage. The hackers rely on users selecting allow either by mistake or willingly so they can take control of the devices. While most users familiar with the dangers of technology know not to share personal details, the hackers prey on the unsuspecting.
One of the targets, Parth Patel, recounted the push bombing he faced by the phishing attack on the popular social platform X. He went further in-depth to KrebsOnSecurity when he stated the following:
“All of my devices started blowing up, my watch, laptop and phone. It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone. I had to go through and decline like 100-plus notifications.”
After declining all the prompts, he received a call from what appeared to be Apple’s number. The number displayed was 1-800-275-2273, Apple’s official customer support line.
The caller on the other side of the phone knew Parth’s personal details but got his real name wrong. Getting his name wrong made Parth suspicious, which resulted in him cutting the call. If he had given the attacker his OTP, he would have likely lost access to his devices and data.
How do attackers know the victim’s details?
Attackers utilize multiple websites that sell people’s details online in exchange for money. While some attempt to get their information removed from such sites, that isn’t always possible. Therefore, strangers can potentially access your details without you knowing.
Alongside the mentioned websites, some attackers also utilize social media to collect information on their targets. Many people tend to post their lives on platforms like Instagram, and a quick scroll on their profiles can give attackers all the information they need. It’s a good idea to tighten your social media privacy.
Unfortunately, according to an apparent target of the recent attacks on iPhone users called Chris, attackers use phone numbers. According to what he told KrebsOnSecurity, Chris bought an entirely new iPhone to escape the never-ending prompts. However, he received the same prompts on his new device, where the only common features were his phone number and iCloud account.
It’s always better to be cautious and never give out details or any OTP when receiving calls. OTPs are the last defense against many nefarious attacks, and keeping it to yourself can thwart their attempts.
