Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Warning: Apple Users Targeted in Phishing Attack Involving Rapid Password Reset Requests
- Thread starter MacRumors
- Start date
- Sort by reaction score
lol if this happened to me i would probably whip out the old android phone until im very satisfied with apples solution
Meh, just announce you are recording the call. If they remain on the call they’ve given consent. If they hang up the problem is solved also.
But but it's all for the users!!*
* and by users we mean giant software companies and malware creators
Wow I imagine this chain of attack would be quite successful on a lot of people. Just needing the email and phone number is a huge vulnerability.
If I buy a wrench and use it as a hammer, and it doesn’t work as a hammer, whose fault is it? The manufacturer of the wrench or me?
You can use a Yubikey, and get 2 of them. This way you don’t have to worry if your loose your 1 device. Others here have said this too.
As for the issue in the article, as of now, we have to select Don’t allow. Me, no one knows my Apple ID email. I actually doubt it does any protection, but I’ll try anything to protect my account.
How does ot have restrictions? Your phone number is used as a backup (I personally don’t like and I wish I could turn that off). Just because you lose your phone or it breaks, your phone number will work on a replacement.
Or again get a Yubikey.
People seem to have a problem for every solution.
All you need is a phone number, I wish it was both. I tried it with just my phone number and I was able to go through.
Not sure it can be solved with an update on the phone, might be that an update is needed on Apples side or maybe both.
this week i've had a spate of calls from the "Chinese Embassy" and then a whole fast lot of Chinese language followed by "Press 1 for the english version" in Siri's voice.
Anyone else having these and know what they are trying to achieve?
Obviously I'm not pressing 1 to find out.
Anyone else having these and know what they are trying to achieve?
Obviously I'm not pressing 1 to find out.
The only reason they are doing it (including EU) is to get Apple to finally give them a backdoor, that they spent years asking for. Amusing that people think EU is doing it to give people more options.
Then they can print out a recovery key and keep it in their wallet. No printer? Use a pen. There’s truly no excuse.
lol. I thought this walled garden was actually keeping you safe? Apparently, once the hyena makes it within the walled garden it maximizes damage. Seems like a nasty exploit and one that Apple could have prevented (how is it possible you can send so many reset notifications! Instead of emojiing the sh*t out of everything.
it's a phishing attack... that doesnt matter if the garden is walled or not.
they have your data and make a pest of themselves using it.
When I had Windows machines it was endless games of virus attacks and bad user behaviour.
or just plain old Windows issues.
Mac was a breathe of fresh air and the hardware lasted longer.
iOS was a whole new level of "it just works" with tighter comtrols desktops could never impose after the horse had bolted. But many want iOS opened up. Some of us think that's dangerous and we could now have phones with issues other platforms have.
I wish Apple would make it so for the people that use a Yubikey, a password cannot be changed or reset without the physical key.
I know some people wouldn’t like that, but it would fix this issue.
I'm a big fan of the Yubikeys myself but at the same time its the hassle of having to have the key with you. When you need it its somewhere else.
I have one on me at all times, and my wife and kids do too. We all have each other’s accounts on all the keys as well. We have 1 spare at home and 1 spare at my parents house. I’m not taking any chances.
Rate limiting and other protection methods should have already been in place.
And to truly fix this, we need to well and truly kill all modal dialogs. Every modal dialog is pure evil, there is not a non-evil use for one. Go ahead, try to name one. Every single one you've ever seen wanted to force you to do something you don't want to do.
But, but, but, Apple iPhone is the most secure ever!!!!! NOT. This is the reason to ignore advertising and other propaganda.
Spammers know that, sure. It’s still a valuable form of mitigation against phishing. Use a unique email address and a unique, strong password for every account that you can, preferably with multi-factor authentication.
1980 called, they want their catch phrase back.
Noting is 100%. This is still secure, we just have to be careful what we select on pop-ups on our phones.
Perhaps the EU could look into the requirement to have a centralised account with a tech monolith to even use these devices. There should be a device-level account that allows me to download free apps from the app store without needing an AppleID.
It's starting to become clear to everyone just how much of a mess the internet really is. This is the best advice currently available (aside from maybe removing all usernames and passwords and using only passkeys and hardware tokens) but it's basically impossible for anyone without actual technical education.
To their credit Apple is trying with Hide my Email and a built-in password manager (sort of) and passkey support. But most users only have a vague, dim idea of what an account even is and what account they're actually logging into. They just put in the same email address and password everywhere and it always works! Until "my Facebook got hacked."
I swear I had a point when I started this rant. Something something user education.