What the attackers are banking on is you getting upset about all of the notifications you’ve received. They will tell you that your account is under attack and to stop it, you will need to give them the one-time code you received from Apple. DO NOT DO IT! Once you give them that code, they can change the passcode of your iPhone locking you out of the device. You’ll be unable to stop the thieves from changing the passwords to all your apps, including financial apps allowing them to transfer your cash to their accounts.
Once the attacker changes the passcode to the phone, even two-factor authorization is not a help and in fact use of 2FA by the bad actors allows them to verify the requests they make to change the passwords to your apps.
Just to be clear, the best way to stay out of trouble with this attack is to ignore the phone call you receive after receiving the “Reset Password” notifications. And if you do accidentally pick up the phone, do not reveal the one-time code. Again, giving away this code is the main reason why some (mostly elderly) iPhone users get scammed with this ruse.
If you know any iPhone users that you feel might be easy targets of this attack, take a few minutes out of your day to explain it to them and tell them what to do to avoid getting wiped out.
