In this attack, called "MFA bombing" or "MFA fatigue," the victim's Apple devices are flooded with many notifications asking them to approve a password reset. This makes it hard for the person to use their devices until they respond to all the prompts.

After the victim denies the password reset requests, the scammers call them pretending to be from Apple support. They try to trick the victim into giving them a one-time code that would let the attackers take over their Apple account.

Some people think this might be happening because of a problem or bug in Apple's system that is supposed to limit how many password reset requests can be sent at once. Apple has not yet commented on the issue.