Apple's spyware warning is actually real


We receive so many spam calls and text messages these days that it's easy to ignore cryptic messages about the security of our accounts and devices. But what if the text message you receive isn't from some random number, but from Apple itself? What if a text message from Apple claimed you were being watched?

While this scenario may sound like typical spam, it's not: Apple actually does send alerts to users, warning them that they may be the target of a "spyware-for-hire attack." According to Apple, the alert was sent to users in 92 countries at 12 noon Pacific time on Wednesday. You can see an excerpt of the alert below:

“Apple has detected that you are being targeted by a hired spyware attack that is attempting to remotely compromise the iPhone associated with your Apple ID -xxx-… This attack is likely targeting you specifically because of who you are or what you do. While it’s never possible to achieve absolute certainty in detecting this type of attack, Apple is confident in this warning—please take it seriously.”

This is not the first time Apple has sent such warnings to users. According to Apple's support document on the topic, the company has been sending alerts multiple times a year since 2021 and has now sent alerts to users in more than 150 countries in total. Apple limited the details of the attempted attack because it didn't want to reveal how it was able to detect the user's risk. While this is understandable, it means users know they may be the target of spyware activity, but don't know from whom or where.

A user who received Wednesday's alert posted a screenshot of the message on Reddit. The user received a similar message on August 29, 2023, which Apple also mentioned in its new message. The company clarified that this was not a repeat alert; instead, the user had been targeted a second time.

To be clear, the vast majority of users who receive these alerts aren't your everyday iPhone users. Apple believes most users targeted by spyware are in high-profile positions that attract attacks from state actors. Think of politicians, journalists, activists, diplomats, and the like: people who reveal secrets or hold power that others in power want to stop. Bad actors spend millions of dollars targeting these users in elaborate spyware campaigns, attempting to install malware on their devices to monitor location, data, and activity.

What to do if you receive this alert

If you do receive one of these alerts, the first step is to make sure it's genuine. To do this, log in to appleid.apple.com and look for the threat notification at the top of the page. If Apple sent the alert, you'll see a copy of it there. Otherwise, assume the message is fake. Apple says its alerts will never ask you to click a link, open a file, or install an app or profile, so if an alert asks you to do so, ignore it. These are classic tactics for tricking users into installing the very malware that genuine alerts are trying to protect you from.

The company also recommends that you contact the nonprofit Access Now and use their digital security helpline. While they won't be able to give you specific advice about your situation, they will be able to guide you through general steps to keep yourself safe.

Whether you receive an alert or are in one of these risky positions, Apple strongly encourages you to enable Lockdown Mode on your Apple devices. Lockdown Mode limits many essential functions of Apple devices in order to plug potential vulnerabilities that bad actors could exploit to compromise these devices. This includes blocking things like message attachment types, web technologies in Safari, and incoming FaceTime calls; removing your location from shared photos; and stopping profile installation.

Because Lockdown Mode limits the functionality of your iPhone or Mac, most people shouldn't use it every day. However, it can be a good line of defense for those who might be targeted by bad actors. You can follow the guide here to enable Lockdown Mode on your Apple device to protect yourself.