Posted 3/27/2024, 10:06:00 PM
Apple Users Targeted in Sophisticated Phishing Campaign Abusing Password Reset Flaw
- Apple device owners being bombarded with phony password reset requests in targeted campaign
- Attack aims to exhaust users into allowing unwanted password reset by flooding requests
- Scammers able to spoof Apple support number and trick users into providing login codes
- Attackers appear to have gathered personal info from data broker to make scam seem legitimate
- Apple has not yet addressed potential rate-limiting flaw allowing flood of reset requests