Don’t Fall for the Apple ID Password Reset Scam
If you are an iPhone or iPad user and receive a barrage of notifications to reset your Apple ID password, it’s likely a scam.
Apple users have reported being bombarded by scam messages that look like legitimate system alerts to update their passwords. Then, they receive calls that appear to come from Apple customer support telling them they need to reset their passwords.
The aim of the scam appears to be to gain access to Apple users’ account information and devices. Here’s what to know about how this scam works and what you can do to avoid it.
How the Apple ID scam works
By taking advantage of a weakness in a multi-factor authentication system, scammers have been using what is called “push bombing” or “MFA fatigue” attacks to send iPhone owners large numbers of unsolicited system alerts to approve a password change, according to a report by KrebsOnSecurity. Some Apple customers have reported receiving more than 100 of these alerts in a matter of minutes, each prompting them to reset their Apple ID password.
Because the messages are system alerts, you can’t access your phone until you click “Allow” or “Don’t Allow.” However, pressing “Don’t Allow” doesn’t put an end to the scam. Instead, according to reports KrebsOnSecurity received, scammers call using a spoofed number that appears to be from Apple customer support.
The callers claiming to be with customer support offer to help with the password reset alert. They ask Apple customers to provide a one-time code that has been sent to their devices. With this code, they can reset account passwords and lock users out.
How to avoid the Apple ID scam
If you aren’t trying to reset your password but are receiving alerts prompting you to do so, assume it’s a scam. Then take these steps to stay safe.
- Don’t click “Allow.” Don’t authorize any changes to your password if you receive a message out of the blue to make a change.
- Don’t trust caller ID. Scammers can use technology to make the number that appears on your caller ID look like it’s from Apple customer support. According to Apple, you should assume that any unsolicited call, message or request for information that appears to come from Apple is a scam. Hang up.
- Never share your Apple ID password. Apple won’t ask for this information to provide support.
- Don’t click on links in unsolicited emails or messages. Send any suspicious email or text messages that appear to be from the company to reportphishing@apple.com.
Sometimes, these phishing attacks can happen when hackers get their hands on your personal information, such as your phone number and email address, through data breaches. Using a financial safety service such as Carefull can alert you when your personal information is being misused. Carefull provides identity, credit and account monitoring, $1 million in identity theft insurance and spam blocking assistance to cut down on the number of spam calls you receive.
Try Carefull for free for 30 days to protect your finances, credit and identity.