Apple device users see increase in fraudulent authentication attempts
Bailey Troutman & Patrick McGee,
CCIT Communications & Office of Information Security
April 10, 2024
Last week, the Office of Information Security at Clemson University updated its Cybersecurity Alerts page about a recent fraudulent situation impacting Apple devices. Similar to how Clemson uses DUO to verify a person’s identity, before someone’s Apple ID can be reset, a user’s phone receives a prompt asking for verification for the reset. In this new scam, Apple device users may experience a bombardment of up to 100 prompt notifications asking them to approve or deny a password reset on their Apple ID. These requests are fraudulent and if approved, cybercriminals can change the Apple account password and lock users out.
Even if users deny those requests, they may still get a phone call where the scammers claim to be Apple Support because they know the phone number associated with the account. Apple Support will never initiate outbound calls to customers unless those customers have requested to be contacted. The purpose of this fraudulent call is to try to initiate a reset by having users read the text message containing a one-time passcode. If the user supplies that one-time code to the fake Apple Support caller, the cybercriminals will use that information to reset the password on the account and lock the real user out of their own account. Once the scammers have control of the account, they can also remotely wipe all of the Apple devices.
If you receive a call from someone claiming to be Apple Support, it is best to hang up and contact the official Apple Support Center to see if there is an issue. It is important to continue to deny the message notification prompts for password reset if they were not initiated by the account user.
Visit the Cybersecurity Alerts page often to stay informed on all things related to scams that might impact the campus community.
Notices
Forced Windows update on August 16, 2024
Outage of Multiple Clemson Applications, June 26, 2024
Changes To Clemson Email Quarantine
FCC/FEMA Emergency Alert System Test on October 4, 2023
Check the status of university systems on Status Hub
Security upgrades to impact email spam retrieval beginning July 12, 2023
Campus network and TikTok — July 10, 2023
Kronos to require log-in through Duo mobile application on July 21, 2023
PeopleSoft and Banner Outage on June 11, 2023
Upcoming changes to Google Workspace
Temporary restrictions to iROAR access – Nov. 30, 2022
Welcome Back: Important IT Updates for Faculty and Staff
Welcome Back: Important IT Updates for Students
Eduroam Update – July 15, 2022
New Student Laptop Models Available for 2024-2025