iPhone owner warns others of ‘sophisticated’ phishing attack that blew up his phone with notifications
He hopes to spread awareness so others don't fall for the same ploy.
One iPhone user found himself in the centre of a major phishing attack targeting his Apple ID.
Parth Patel shared his story on X, aiming to spread awareness and prevent others from falling for a similar trick.
'This was a high effort concentrated attempt at me,' Patel described.
At around 6.30 pm last Friday, the Apple user was bombarded with hundreds of 'Reset Password' notifications coming through on his iPhone.
Advert
'Because these are Apple system level alerts, they prevent me from using my phone, watch, or laptop until I clicked “Don’t Allow” to 100+ notifications,' Patel recalled.
About 15 minutes later, the scammers called Patel using Caller ID, spoofing the official Apple Support line.
'They really emphasized this detail to win trust from the victim.'
Still on his guard, Patel asked the scammers to verify his information before proceeding anywhere else.
'They got a lot right, from DOB, to email, to phone number, to current address, historic addresses…'
Patel was luckily tipped off that the scammers were using real-time data from People Data Labs to 'validate a ton of information.'
However, the jig was up when the phishers stumped the question of his name in which they ended up confusing him with another midwestern elementary school teacher by the name of Anthony S.
'Thank god PDL’s data is inaccurate on me,' Patel sighed with relief. Scarily, this could have been the only way Patel might have seen though the scheme.
The last of the game was when Patel received an OTP through his messages that explicitly stated 'Don’t share it with anyone'.
One-time passwords (OTPs) are a security measure designed to confirm the identity of the device's owner and safeguard against any unauthorised access. That's why it's so important that if you receive one, you don't share it with anyone - not even Apple.
'Hitting approve in the first reset notification spam attack OR sharing this code would’ve pwned me,' the AI entrepreneur explained.
Patel's post has since resonated with many fellow X users, with followers expressing gratitude.
One Apple user said: 'You taught me something new today thanks'.
Another wrote: 'I almost once got taken by that allow / don’t allow. If you are in the middle something you could accidentally hit allow.
This is an absolute massive security risk @apple needs to fix asap.
Is there a way to disable that as an option??'
Now, we can just hope the tech giant recognises the vulnerabilities in its security software and address them ASAP.