Warning: Apple Users Targeted in Phishing Attack Involving Rapid Password Reset Requests

by

Phishing attacks taking advantage of Apple's password reset feature have become increasingly common, according to a report from KrebsOnSecurity. Multiple Apple users have been targeted in an attack that bombards them with an endless stream of notifications or multi-factor authentication (MFA) messages in an attempt to cause panic so they'll respond favorably to social engineering.

reset password request iphone
An attacker is able to cause the target's iPhone, Apple Watch, or Mac to display system-level password change approval texts over and over again. Because the password requests target the Apple ID, they pop up on all of a user's devices. The notifications render all linked Apple products unable to be used until the popups are dismissed one by one on each device. Twitter user Parth Patel recently shared his experience being targeted with the attack, and he says he could not use his devices until he clicked on "Don't Allow" for more than 100 notifications.

The actual popup can't be used to gain access to an Apple device, and it serves as a front for attackers to incite fear in the target. Following the flood of notifications, the attacker calls using a spoofed number that makes it appear to be coming from Apple. On these calls, the attacker confirms that the victim's account is under attack, and that sensitive information is needed to put a stop to it. It appears that the attacker is after a one-time code to confirm a password reset or login attempt.

In Patel's case, the attacker was using information leaked from a people search website, which included name, current address, past address, and phone number, giving the person attempting to access his account ample information to work from. The attacker happened to have his name wrong, and he also became suspicious because he was asked for a one-time code that Apple explicitly sends with a message confirming that Apple does not ask for those codes.

The attack hinges on the perpetrator having access to the email address and phone number associated with an ‌Apple ID‌ at a minimum, and given the description of what's been happening, it is likely that bad actors also had access to the victim's ‌Apple ID‌ password from database leaks and other means. One-time codes are most often triggered as secondary security, so the attacker sends the notification spam, calls the target to "save" them from the attack, logs in to the ‌Apple ID‌ with the stolen information and password, and triggers the one-time code. If the target hands over the code at this point, the attacker will have full access to the ‌Apple ID‌.

KrebsOnSecurity looked into the issue, and found that attackers appear to be using Apple's page for a forgotten ‌Apple ID‌ password to send the notification spam. This page requires a user's ‌Apple ID‌ email or phone number, and it has a CAPTCHA. When an email address is put in, the page displays the last two digits of the phone number associated with the Apple account, and filing in the missing digits and hitting submit sends a system alert.

It is not clear how the attackers are abusing the system to send multiple messages to Apple users, but it appears to be a bug that is being exploited. It is unlikely that Apple's system is meant to be able to be used to send more than 100 requests, so presumably the rate limit is being bypassed.

Apple device owners targeted by this attack should remain calm and make sure not to provide sensitive information to someone who calls, even if the phone call appears to be coming from Apple. Spoofing a phone number is a simple thing to do, so the best course of action is to hang up and call Apple support directly. There is never a situation where a one-time code should be shared with another person, and Apple will never ask for a code.

Update: This article has been updated to clarify how the attack works. The prior version suggested that an ‌Apple ID‌ could be accessed should someone press "Allow" on one of the password request popups, but that is inaccurate. This is a complicated, multi-step attack that requires social engineering, but the password reset spam is a component that Apple will hopefully address in a future update.

Popular Stories

Apple Shopping Event 2025

Apple Announces 2025 Black Friday Event, Here's What You Can Get

Thursday November 20, 2025 6:28 am PST by
Apple's annual four-day Black Friday through Cyber Monday shopping event is returning on Friday, November 28 through Monday, December 1 in many countries, including the United States, Canada, Australia, New Zealand, France, Germany, Italy, Spain, the United Kingdom, Belgium, the Netherlands, Sweden, Thailand, and others. During the shopping event, customers can get an Apple gift card with...
Read Full Article41 comments
iOS 26

iOS 26.2 Adds These New Features to Your iPhone

Thursday November 20, 2025 10:50 am PST by
iOS 26.2 is currently in beta testing. The upcoming update includes a handful of new features and changes on the iPhone, including a new Liquid Glass slider for the Lock Screen's clock, offline lyrics for Apple Music, and more. In a recent press release, Apple confirmed that iOS 26.2 will be released to all users in December, but it did not provide a specific release date. Keep reading...
Read Full Article27 comments
hikawa phone grip stand apple%402x

Apple Launches Second Limited-Edition iPhone Accessory in a Month

Friday November 21, 2025 3:53 am PST by
Apple has begun selling the Hikawa Phone Grip and Stand, a new limited-edition iPhone accessory designed with accessibility in mind. Designed by LA-based Bailey Hikawa to celebrate the 40th anniversary of accessibility at Apple, the grip uses magnets to securely snap onto any iPhone with MagSafe. Apple says it can be removed with ease, and doubles as a stand with two different viewing...
Read Full Article127 comments
iPhone 17 Pro Cosmic Orange

10 Reasons to Wait for Next Year's iPhone 18 Pro

Wednesday November 19, 2025 4:00 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article104 comments
ipad black friday 2025

The Best Early Black Friday iPad Deals

Thursday November 20, 2025 10:20 am PST by
Black Friday is just over a week away, and iPad deals have finally started to flood in at retailers like Amazon and Best Buy. Below we're tracking discounts on every current generation iPad, including lowest-ever prices on M3 iPad Air and M5 iPad Pro, plus steep markdowns on iPad and iPad mini. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a ...
Read Full Article7 comments
watchos 26 workout app

Apple Watch Users Claim Workout App Is Now Worse in Every Way

Thursday November 20, 2025 7:01 am PST by
Apple Watch owners have been voicing their frustration online over changes to the Workout app that Apple introduced in watchOS 26, with many finding the redesigned interface makes starting exercises difficult and exasperating. When Apple launched watchOS 26 in September, the Workout app went from large, easily tapped workout tiles to a scrolling, corner-button interface. Instead of tapping a ...
Read Full Article229 comments
ipad mini 7 feature red and blue

iPad Mini 8: Four Major New Features to Expect

Wednesday November 19, 2025 7:50 am PST by
Apple's eighth-generation iPad mini is highly likely to arrive next year, offering a significant refresh of the device with at least four major new features. OLED Display The next-generation version of the iPad mini could feature an OLED display, as part of Apple's plan to expand the display technology across many more of its devices. Apple's first OLED device was the Apple Watch in 2015, ...
Read Full Article67 comments
apple wallet drivers license feature iPhone 15 pro

Two More U.S. States Commit to Offering iPhone Driver's Licenses in Apple Wallet App

Thursday November 20, 2025 8:21 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. Earlier this week, Illinois became the 13th state in the U.S. to offer the feature. Subsequently, we shared a list of additional states that are committed...
Read Full Article38 comments
android iphone airdrop quickshare

iPhone Users Can Now AirDrop Files to Android Devices

Thursday November 20, 2025 9:47 am PST by
Google today announced a new cross-platform feature that allows for file sharing between iPhone and Android users. With AirDrop on the iPhone and QuickShare on Pixel 10 devices, there is a new file transfer function available. The file sharing option works on Apple devices that include iPhone, iPad, and Mac, along with the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, and Pixel 10 Fold....
Read Full Article124 comments

Top Rated Comments

checker2010 Avatar
checker2010
22 months ago

iCloud Lock was the worst thing Apple has done to the iPhone. Some people legit get permanently locked out of their own phones because of it.
Activation lock is a fantastic feature. I’d recommend everyone have it enabled.
Score: 50 Votes (Like | Disagree)
Realityck Avatar
Realityck
22 months ago

When attackers are unable to get the person to click "Allow" on the password change notification, targets often get phone calls that seem to be coming from Apple. On these calls, the attacker claims to know that the victim is under attack, and attempts to get the one-time password that is sent to a user's phone number when attempting a password change.
Never trust a company to call you out of the blue! Just tell them you are hanging up and contacting that company directly.
Score: 42 Votes (Like | Disagree)
vegetassj4 Avatar
vegetassj4
22 months ago
Thank my lucky stars Apple Security warned me before this exploit was used:



Attachment Image
Score: 34 Votes (Like | Disagree)
boswald Avatar
boswald
22 months ago
Oh, good grief. What a nasty attack. I will definitely make my family aware of this!
Score: 28 Votes (Like | Disagree)
whsbuss Avatar
whsbuss
22 months ago
And the DOJ and EU keep tearing down the Apple ecosystem. What insanity
Score: 28 Votes (Like | Disagree)
antiprotest Avatar
antiprotest
22 months ago

Oh, good grief. What a nasty attack. I will definitely make my family aware of this!
I wonder if it is something that can be fixed or limited on Apple's side. Sounds like it. They should do it TODAY.
Score: 22 Votes (Like | Disagree)
Read All Comments