Criminals lurk around Apple's notification system to try to wear down the victim.
Have you encountered this?
Because these are targeted attacks where a bunch of warning boxes appear asking if the user wants to create a new password. If the user clicks yes, hackers can then change their password from anywhere in the world. If you manage not to accidentally press Yes, the culprits will continue: they will try to connect afterward.
@parth220_ on X was attacked, and contacted Apple after the incident. An experienced Apple developer recommended creating a recovery key, but @parth220_ and Krebsonsecurity later confirmed that this did not help, and that when switching to a new iPhone, the same messages appeared immediately.
The recovery key is a randomly generated 28-character code that helps increase the security of your Apple ID account by giving you more control over resetting your password so you can regain access to your account.
apple
“KrebsOnSecurity has tested what Ken went through and can confirm that activating the recovery key does nothing to prevent a password reset message from being sent to connected Apple devices. Visit Apple's Forgot Password page – https://iforgot.apple.com – Requests e-mail address and for the visitor to solve the CAPTCHA. After that, the page will display the last two digits of the phone number associated with the Apple account. If you fill in the missing numbers and press submit in this form, a system notification will be sent, regardless of whether the user has activated Apple recovery key or not,” sums up Krebs, who has not received a response from Apple. To say the least, it feels like a bug to be able to send so many requests at the same time.
“Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst.”
