We get a lot of spam calls and texts these days, so it’s easy to ignore cryptic messages about the security of our accounts and devices. But what if the text you received wasn’t from some random number, but from Apple itself? And what if that text from Apple claimed you were actively being spied on?
As much as this situation sounds like classic spam, it’s very much not: Apple actually did send alerts to users warning them they might be targeted by “mercenary spyware attacks.” According to Apple, it sent the alert at 12pm PT on Wednesday to users in 92 countries. You can see an excerpt of the alert below:
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-…This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”
This isn’t the first time Apple has sent users this type of warning. According to an Apple support document on the subject, the company has sent alerts multiple times each year since 2021, now to over 150 countries in total. Apple limits the specifics of the attempted attacks, since it doesn’t want to reveal how it is able to detect the risks to users. While that’s understandable, it means users are left knowing they’re likely the target of a spyware campaign, but without knowing who is behind it or where it is coming from.
One user who received Wednesday’s alert posted screenshots of the message on Reddit. The user received a similar message on August 29, 2023, which Apple alludes to in its new message as well. The company clarifies this isn’t a repeated alert; rather the user had been targeted a second time.
To be clear, the vast majority of users receiving these alerts are not your everyday iPhone customers. Most of the users Apple believes are being targeted by spyware work in high-profile positions that attract attacks from state actors. Think politicians, journalists, activists, diplomats, etc.—people who expose secrets or have power that other people in power would like to stop. Bad actors spend millions of dollars to target these users in elaborate spyware campaigns, attempting to install malware on their devices in an effort to spy on location, data, and activity.
What to do if you receive this alert
If you do receive one of these alerts, the first step is to ensure it’s real. To do so, sign in to appleid.apple.com and look for the threat notification at the top of the page. If Apple sent you one, you’ll see it there. Otherwise, assume the message is fake. Apple says its alert will never ask you to click a link, open a file, or install an app or profile, so if the “alert” asks you to do any of these, ignore it. These are classic tactics to trick users into installing the very malware a true alert would try to protect you from.
The company also recommends you reach out to the non-profit Access Now and use their Digital Security Helpline. While they won’t be able to offer you specific advice about your situation, they will be able to walk you through general steps to secure yourself.
Whether you receive an alert or you work in one of these at-risk positions, Apple strongly encourages you to enable Lockdown Mode on your Apple devices. Lockdown Mode restricts many of the basic functions of your Apple devices, to plug potential holes bad actors can exploit to compromise those devices. This includes blocking things like message attachment types, web technologies in Safari, and incoming FaceTime calls; removing your location from shared photos; and stopping configuration profiles from being installed.
As Lockdown Mode limits the features of your iPhone or Mac, it’s not something that most people should use on a daily basis. However, for those who may be targeted by bad actors, it can be a great line of defense. You can follow our guide here to enable Lockdown Mode on your Apple devices to protect yourself.