iPhones getting bombarded with “Apple ID verification” popup en masse, possibly a phishing attack

Many iPhone users across the globe are being targeted by a new, possible phishing attack called “Apple ID verification.” Users are seeing a mysterious system prompts appear out of nowhere every minute asking to enter a password.

The r/iphone community recently found itself in a flurry of discussion over a series of peculiar notifications that left users questioning their device’s security.

The saga began with a wave of notifications bombarding users’ screens within the span of a minute. These notifications prompted users to enter their passwords for unknown iCloud accounts.

While it may be related to the MFA bombing attack reported by KrebsOnSecurity recently, the attack has some key differences. The MFA bombing attack exploit vulnerabilities in Apple’s password reset feature, inundating users’ devices with prompts and ultimately aiming to gain access to their accounts.

These attacks typically begin with a flood of system-level prompts on the victim’s Apple devices, demanding approval for account password resets. Users are bombarded with dozens of notifications, rendering their devices unusable until they respond to each prompt. The relentless nature of these alerts can coerce users into inadvertently granting access to their accounts out of frustration or confusion.

The MFA bombing attack asked you to reset your password with two choices: Don’t Allow and Allow. The new attack asks you to verify your Apple ID with icloud email addresses and choose between Not Now and Settings.

While it is advised to not click Settings, it leads to the profile under phone settings hoping someone will enter their password, phishing for your password.

Some users suggest repeatedly hitting Not Now until the popup goes away. The hackers can only send so many popups at once. However, it is best to disengage entirely.

However, in one case, the user actually knew the email address which belonged to their ex-partner from 10 years ago. Plus, it wasn’t an icloud email, but a Hotmail.

In this particular case, the user might have downloaded apps or content using different Apple IDs in the past. These outdated credentials could be triggering the prompts as the system attempts to update associated apps.