Don’t Fall for the Apple ID Password Reset Scam
If you are an iPhone or iPad user and receive a barrage of notifications to reset your Apple ID password, it’s likely a scam.
There have been reports of Apple users being bombarded by scam messages that look like legitimate system alerts to update their passwords. Then, they receive calls that appear to come from Apple customer support telling them they need to reset their passwords.
The aim of the scam appears to be to gain access to Apple users’ account information and devices. Here’s what to know about how this scam works and what you can do to avoid it.
How the Apple ID scam works
By taking advantage of a weakness in a multi-factor authentication system, scammers have been using what are called “push bombing” or “MFA fatigue” attacks to send iPhone owners large numbers of unsolicited system alerts to approve a password change, according to a report by KrebsOnSecurity. Some Apple customers have reported receiving more than 100 of these alerts in a matter of minutes, each prompting them to reset their Apple ID password.
Because the messages are system alerts, you can’t access your phone until you click “Allow” or “Don’t Allow.” However, pressing “Don’t Allow” doesn’t put an end to the scam. Instead, according to reports KrebsOnSecurity received, scammers call using a spoofed number that appears to be from Apple customer support.
The callers claiming to be with customer support offer to help with the password reset alert. They ask Apple customers to provide a one-time code that has been sent to their devices. With this code, they can reset account passwords and lock users out.
How to avoid the Apple ID scam
If you aren’t trying to reset your password but are receiving alerts prompting you to do so, assume it’s a scam. Then take these steps to stay safe.
- Don’t click “Allow.” Don’t authorize any changes to your password if you receive a message out of the blue to make a change.
- Don’t trust caller ID. Scammers can use technology to make the number that appears on your caller ID look like it’s from Apple customer support. According to Apple, you should assume that any unsolicited call, message or request for information that appears to come from Apple is a scam. Hang up.
- Never share your Apple ID password. Apple won’t ask for this information to provide support.
- Don’t click on links in unsolicited emails or messages. Send any suspicious email or text messages that appear to be from the company to reportphishing@apple.com.