CUPERTINO, Calif.–Credit unions may want to caution their members, as well as employees, who are users of Apple devices and confident they don’t face the kinds of security risks as users of other devices—that they face a significant risk.
According to KrebsonSecurity, Apple users are being targeted by a sophisticated attack, requesting them to hand over their Apple ID credentials over and over again.
How it Starts
KrebsonSecurity said the attack starts with unsuspecting Apple device owners getting dozens of system-level messages, prompting them to reset their Apple ID password. If that fails, a person pretending to be an Apple employee will call the victim and try to convince them into handing over their password, according to the report.
Those who have been targeted say they are receiving messages on their iPhones, Apple watches and MacBooks telling them they must “reset password.” Some users said they have clicked “Don’t Allow” more than 100 times. They are then contacted by fake Apple Support, which spoofs the caller ID of Apple's official Apple Support line. The fraudsters often know of users’ real data, according to KrebsonSecurity.
How’d They Get the Information?
How did the attackers know all the data needed to perform the attack, and how did they manage to send system-level alerts to the victims' phones? According to KrebsonSecurity, the hackers likely had to get a hold of the victim's email address and phone number, associated with their Apple ID. Then they used an Apple ID password reset form, that requires an email or phone number, alongside a CAPTCHA, to send the system-level, password reset prompts.
They also likely used a website called PeopleDataLabs to get information on both the victim and Apple employees they impersonated, KrebsonSecurity reported.
Now With Free Shipping! The CUToday.info Daily News Email Keeps Getting Better!
The biggest, best and freshest news reporting in credit unions remains free, and now has an added bonus---free shipping to your email address! That’s right. Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more. So stop paying those bank-fee-like subscription prices from other so-called “news” publications!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?