Sophisticated Phishing Attack Targets Apple Users with Fake Password Resets and Support Calls
-
New sophisticated phishing attack spams Apple devices with password reset requests and follows up with fake Apple Support calls to trick users into sharing reset codes.
-
Attack targeted Apple entrepreneur Parth Patel, flooding his devices with over 100 reset prompts, then caller pretending to be Apple Support asked for OTP code.
-
Attackers used leaked personal data from People Data Labs to convince victims the calls were real and gain trust.
-
Goal is to get victims to share Apple ID password reset code, granting full account access.
-
Apple has not yet commented or released update to prevent flood of password resets; best defense is never sharing codes with unknown parties.