BrianKrebs on Nostr: Interesting and scary thread over at Xitter describing what appears to be a series of ...
Interesting and scary thread over at Xitter describing what appears to be a series of targeted attacks designed to hijack iCloud accounts by doing something that causes the user's device to be inundated with push OTP requests. The idea seems to be that if they send enough requests, the target might eventually click yes -- either by accident after denying it the 59th time, or because they just want to make the prompts stop.
It's worth noting that in the end game of this attack, the scammers apparently relied on data from people-search services to gather the target's data and contact the user directly posing as Apple. And when you ask them info about yourself to verify you, they can usually read off enough details to fool people into thinking they're actually talking to Apple. And then they ask you to verify a one-time code, and if you do that, your account is toast.
https://twitter.com/parth220_/status/1771589795334287844 
Published at
2024-03-24 16:56:12Event JSON
{
"id": "c9b2bd2ae1d604bcf0ddbfd85122ac99d7cc1bbb8aa1e787444fd2d0e59da6ad",
"pubkey": "662250ce4d037de109a64a6a0230f7899f922b76346388b3e7ca06fe9490358d",
"created_at": 1711299372,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/briankrebs/statuses/112151715700245335",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/briankrebs/statuses/112151715700245335",
"pink.momostr"
]
],
"content": "Interesting and scary thread over at Xitter describing what appears to be a series of targeted attacks designed to hijack iCloud accounts by doing something that causes the user's device to be inundated with push OTP requests. The idea seems to be that if they send enough requests, the target might eventually click yes -- either by accident after denying it the 59th time, or because they just want to make the prompts stop.\n\nIt's worth noting that in the end game of this attack, the scammers apparently relied on data from people-search services to gather the target's data and contact the user directly posing as Apple. And when you ask them info about yourself to verify you, they can usually read off enough details to fool people into thinking they're actually talking to Apple. And then they ask you to verify a one-time code, and if you do that, your account is toast.\n\nhttps://twitter.com/parth220_/status/1771589795334287844\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/112/151/713/336/236/834/original/7d7504ef68fae89f.png\n",
"sig": "e996a0f2c73111ed4b1bc0daa46394f0d1820f8c602d41a0bcd9d2e991c17a625527a4b29835e22689faec5c8de3624e80441ac06b522e6aa960f7d71901b89c"
}
