Skip to content

How to Protect Your iPhone From New "Sophisticated" Hacker Attack

"Push bombing" is threatening to expose users' Apple ID passwords.

Despite advanced security settings and routine software updates, cybercrime is stealthier than ever before. In fact, mobile security threats account for more than 60 percent of digital fraud, Reader's Digest reports. We've been told to be wary of open WiFi networks, spyware, and phishing attacks—but now, iPhone users are warning others about a new "sophisticated" hacker attack called "push bombing."

RELATED: Retired FBI Agent Shares 4 Ways You're Putting Yourself at Risk Every Day.

Unlike phishing, where victims are sent malware-infected text messages or emails, this new method targets iPhone users by asking them to reset their Apple ID password via unsolicited pop-up notifications. Security experts have dubbed the password reset attack "multi-factor authentication (MFA) fatigue" or "push bombing," as the goal is to infiltrate users with as many notifications as possible before they give in and click "Allow."

"In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds 'Allow' or 'Don't Allow' to each prompt," explains KrebsonSecurity.

After so many failed attempts, "the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to 'verify' a one-time code," per KrebsonSecurity. Once that code has been validated, the hackers can reset the victim's Apple ID password, lock them out, and wipe all their Apple devices.

Tech entrepreneur and iPhone owner Parth Patel was a recent target of push bombing. In a lengthy thread on X, Patel shared his experience and how he was able to deter the hacker from accessing his phone and passwords.

"Last night, I was targeted for a sophisticated phishing attack on my Apple ID," he wrote on X. "The attackers made a led high effort focused attack on me, using OSINT data from People Data Labs and caller ID spoofing."

Patel said the scammer knew his birthday, email address, phone number, current residence, and past home addresses. Speaking on the phone, he prompted the hacker "to validate a ton of information." However, they got the one detail wrong: his name.

Patel and his AppleID survived unscathed, but this password reset hacker attack is only growing in popularity. However, there are things you can do to protect your iPhone and privacy.

For instance, never click the notification's "Allow" button. Keep selecting "Don't Allow" until the bad cybercriminal eventually gives up. Another tip: iPhone users should never trust outbound calls.

"Take a moment to think about this. Why would Apple call you? When has Apple ever called you before on their own when you are going through real, legit technical difficulties? Never! Apple doesn't make outbound calls to users without an Apple customer calling them first and requesting a callback," Mashable explains.

If you believe you've answered a spoofed call, hang up immediately. Instead, search the company's number online and call them directly to confirm whether the call was legitimate.

As a last-case scenario, you can switch the phone number associated with your Apple ID. However, Mashable warns this could cause more of a headache as it will disable specific iPhone features like iMessage and FaceTime.

These hacker attacks usually never last for more than a day, so do your best to wait them out. If the notifications are getting out of control, you can always visit your local Apple store, where a professional may be able to better assist you.

Emily Weaver
Emily is a NYC-based freelance entertainment and lifestyle writer — though, she’ll never pass up the opportunity to talk about women’s health and sports (she thrives during the Olympics). Read more
Filed Under