It is always said that Apple mobile phones have a high standard linked to security. Despite this, cyberattacks are increasingly more sophisticated in technological terms and more exhausting in the human aspect. An example of this are recent attacks on iPhone devices.
The cybersecurity company CheckPoint Software points out that it has detected a new type of phishing or identity theft attack, called MFA bombing. Cybercriminals send notifications to the mobile phone informing about an error in Apple's password reset feature and thus attempt to obtain multi-factor authentication (MFA) keys.
As its name suggests, multi-factor authentication requires multiple authentication factors to gain access to a user's account. An authentication factor is a means of proving a user's identity to a system. And MFA uses several, based on who you are (a fingerprint, for example), what you have (a specific mobile phone) or what you know (a question or a password).
Rapid MFA bombardment floods users with prompts to access a system or device, with the goal that the user will eventually accept one. In this particular case, the iPhone owners receive dozens of messages reporting a bug in Apple's password reset feature. The options given are Allow or Disallow locking the device. The attackers then call the victim posing as Apple support with the aim of “verifying” a one-time code and thus accessing the linked accounts.
If the user gives the number, it allows the access to your device to cybercriminals and thus to your accounts and personal data. To avoid this we can block the number from which we receive the messages.
It is also useful to know that Apple will not send constant messages linked to this type of incident. We can talk to Apple technical services to find out if this is true. Another measure is to look for the number from which we received the call to see if it is registered as Spam.
What must be clear is that companies They do not ask for personal information over the phone when alerting of a problem with a device.