The bad guys are out to get you, me, everyone they can. If you’re not changing your password right this minute, don’t allow warnings to persuade you otherwise. This week, a sophisticated phishing scam called “MFA Bombing” is targeting Apple users, exploiting a flaw in Apple’s password reset process. Attackers flood users with authentic-seeming password reset notifications, hoping to trick them into granting access to their accounts. If incessant notifications fail, the attackers may even pose as Apple Support over the phone to deceive users further. Despite measures like enabling an Apple Recovery Key, users continue to receive these notifications, leaving many concerned about their account’s security.

Apple users are becoming the target of a new wave of phishing attacks called “MFA Bombing” that relies on user impatience, and a bug in Apple’s password reset mechanism.