Do you keep receiving requests for two-factor authentication? The scammer is counting on you to panic and give in.
If you know someone who owns an iOS device, keep an eye out for mass password reset scams. If one occurs, a two-factor authentication (2FA) bombing attack is being launched against you.
Although the attack can seem frightening, you have total control over the situation. As long as you know how 2FA bombing works, the con artist cannot get into your account.
What Is 2FA Bombing?
“2FA bombing” (also referred to as “MFA bombing” or “MFA fatigue”) is an attack in which an attacker obtains a user’s account details and attempts to log in. If the account is protected by two-factor authentication and isn’t using a separate authenticator app or device, the account holder receives a text, email, or phone notification asking them to confirm the login.
This is typically where the story ends. In 2FA bombing, however, the attacker floods the victim with 2FA requests in the hope that they will grant access by accident, or accept a request just to stop the stream of messages.
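An added example, not part of the original article: a minimal server-side detector for the prompt flood described above, run over constructed sample events. The event format, the threshold of 5 and the 5-minute window are assumptions chosen for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO timestamp, account, prompt outcome).
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "alice", "approved"),   # normal single login
    ("2024-05-01T22:14:05", "bob", "denied"),
    ("2024-05-01T22:14:20", "bob", "denied"),
    ("2024-05-01T22:14:41", "bob", "timeout"),
    ("2024-05-01T22:15:02", "bob", "denied"),
    ("2024-05-01T22:15:30", "bob", "denied"),
    ("2024-05-01T22:16:10", "bob", "approved"),     # approval right after a flood
    ("2024-05-02T08:30:00", "carol", "denied"),     # one stray prompt, not a flood
]


def detect_2fa_bombing(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for accounts whose rejected or ignored prompts reach
    `threshold` within `window`, and for approvals that follow such a flood.
    Both default values are assumptions, not vendor recommendations."""
    recent = {}   # account -> deque of timestamps of denied/timeout prompts
    alerts = []
    for ts_text, account, outcome in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        q = recent.setdefault(account, deque())
        # Drop prompts that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if outcome in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:
                alerts.append((account, "flood", ts_text))
        elif outcome == "approved" and len(q) >= threshold:
            # The user may have given in: treat this session as suspect.
            alerts.append((account, "approved_after_flood", ts_text))
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_2fa_bombing(SAMPLE_EVENTS):
        print(alert)
```

An approval that arrives immediately after a flood is the case worth escalating, since it matches the victim accepting a request to stop the messages.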
How Does the iOS 2FA Bombing Attack Work?
Although 2FA bombing can be rather powerful, it is very simple to counter. All you have to do to keep the fraudster out is deny the requests or change your 2FA confirmation method. But there’s a new variation of 2FA bombing that targets iOS users.
The attack begins in the usual way: the scammer sends a barrage of iOS 2FA notifications requesting access. After a short while, the notifications stop and the con artist calls your phone.
The con artist poses as Apple support when you pick up. They will claim that the recent spate of notifications was caused by a hacker attempting to access your account. Then, pretending to be defending you, they will ask you for certain information.
The con artist wants to obtain your 2FA code, the code that is texted to you to confirm your identity. Once you give the scammer the code, they will be able to access your account.
How to Avoid an iOS 2FA Bombing Attack
Even if this attack seems terrifying, you are fully in charge of the situation. Don’t panic if you see that your iPhone is bombarded with 2FA requests; that’s exactly what a fraudster wants you to do. Remember that if you deny their requests, they won’t be able to access your account.
Refuse any 2FA requests that you did not initiate. Do not give a code to anyone who phones you asking for one. If you’re unsure whether the call is legitimate, look for red flags that indicate the caller is a scammer. You can also end the call and phone Apple support yourself to confirm whether there is actually a problem with your account.
2FA bombing attacks can be frightening and emotionally taxing, but that is just what the scammer wants. You won’t lose your account as long as you turn off the alerts and don’t answer any calls from Apple.