![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/04\/cybercriminal-wearing-an-Apple-logo-mask-and-hoodie-600x350-1.jpg\"){kind=logo}
<\/p>\n<\/p>\n
Apple recently contacted users in 92 countries around the world, warning them that they had been targeted by a “mercenary spyware attack.” This term replaces what Apple used to call “state-sponsored attacks,” and covers attacks using spyware such as Pegasus, created by the NSO Group<\/a>. Apple contacted these individuals by both email and iMessage. Also, when logging into their Apple ID account in a browser, users would see a “Threat Notification” bar with the date on which Apple sent those communications.<\/p>\n But if you get a message that claims to be from Apple\u2014whether by SMS text message, iMessage, email, or a phone call\u2014how can you know whether it’s really Apple or not?<\/p>\n Let’s examine the reasons why Apple might legitimately contact you (and how they’ll do so), and how to recognize scams.<\/p>\n The aforementioned Apple emails reportedly<\/a> included the following details:<\/p>\n \u201cApple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-<\/p>\n \u201cThis attack is likely targeting you specifically because of who you are or what you do. Although it\u2019s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning \u2014 please take it seriously.<\/p>\n \u201cWe are unable to provide more information about what caused us to send you this notification, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future.<\/p>\n \u201cMercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware.\u201d<\/p><\/blockquote>\n Notably, these real Apple emails do not contain any links<\/strong>. So if you get a similar-looking email, but it prompts you to click on something<\/strong>, don’t trust it\u2014it’s a scam.<\/p>\n As Apple points out in a support document entitled About Apple threat notifications and protecting against mercenary spyware<\/a>, the company “sends an email and iMessage notification to the email addresses and phone numbers associated with the user\u2019s Apple ID.” Moreover, “A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.”<\/p>\n The emails and notifications do not contain links to click, but direct users to the Apple ID website instead. After signing into the website, clicking the View Details link in the Threat Notification bar takes the user to a page giving more information about the attack.<\/p>\n If you receive an email purporting to be from Apple, but it entices you to click on a link, it is likely a phishing email.<\/p>\n One exception to this rule is if you have recently opened a support case with AppleCare; the emails they send will include your case number for verification purposes, and they may contain links to Apple’s support website. Receipts from Apple’s App Store, iTunes Store, or other Apple services will also contain links. But no legitimate emails from Apple will recommend that you click on a link to log into your Apple ID account<\/strong>.<\/p>\n If you receive an email claiming to be from Apple, and claiming you’ve made a purchase that you don’t recognize, don’t click any links; it’s almost certainly a scam. If you’re really concerned, check your actual purchase history (or billing method) to make sure that you did not accidentally buy something. If you did make an accidental purchase, you can use Apple’s Report a Problem<\/a> site to resolve the issue. Just make sure you go to that site from a trusted link or bookmark\u2014not a link from a possible phishing email.<\/p>\n Late last year, a wave of iCloud storage-related phishing emails circulated. They claimed, for example: “Your [iCloud] storage might be full,” and they pretended to offer a free iCloud storage upgrade to recipients who clicked on a “Get this deal” link. We wrote about this scam in December: Don’t fall for “iCloud FREE Storage Notice” e-mail scams<\/a>.<\/p>\n Don’t fall for “iCloud FREE Storage Notice” email scams<\/a><\/p><\/blockquote>\nApple notified users who were victims of mercenary spyware attacks<\/h3>\n
How can I confirm that an Apple threat notification is legitimate?<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/04\/apple-fake3.png\")
<\/p>\nWill Apple send me emails containing links?<\/h3>\n
iCloud storage warning email phishing scams<\/strong><\/h4>\n