Skip to Main Content

This Spyware Warning From Apple Is Actually Real

Apple sent alerts to users in 92 countries. If you received one, don't ignore it.
Hands holding smartphone on dark background
Credit: Kaspars Grinvalds/Shutterstock

We get a lot of spam calls and texts these days, so it's easy to ignore cryptic messages about the security of our accounts and devices. But what if the text you received wasn't from some random number, but from Apple itself? And what if that text from Apple claimed you were actively being spied on?

As much as this situation sounds like classic spam, it's very much not: Apple actually did send alerts to users on Wednesday warning them they might be targeted by "mercenary spyware attacks." According to Apple, it sent the alert at 12 p.m. PT on Wednesday to users in 92 countries. You can see an excerpt of the alert below:

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-...This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”

This isn't the first time Apple has sent users this type of warning. In fact, the company sent a round of warnings to users back in April, complete with the same message as noted above.

According to an Apple support document on the subject, the company has sent alerts multiple times each year since 2021, now to over 150 countries in total. The specifics of the attempted attacks are limited, since Apple doesn't want to reveal how it is able to detect the risks to users. While that's understandable, it means users are left knowing they're likely the target of a spyware campaign, but without knowing from who or where.

To be clear, the vast majority of users receiving these alerts are not your everyday iPhone customers. Most of the users Apple believes are being targeted by spyware work in high-profile positions that attract attacks from state actors. Think politicians, journalists, activists, diplomats, etc.—people who expose secrets or have power that other people in power would like to stop. Bad actors spend millions of dollars to target these users in elaborate spyware campaigns, attempting to install malware on their devices in an effort to spy on location, data, and activity.

Perhaps the most notable spyware of this kind is Pegasus, which was created by the Israeli-based NSO Group to spy on a host of high-profile targets the government sees as "threats." What makes spyware like Pegasus particularly dangerous is it requires no action on the part of the target: Bad actors can infect iPhones and Androids with Pegasus silently in what's known as a "zero-click" attack, and track just about everything the target does on their smartphone.

What to do if you receive this alert

If you do receive one of these alerts, the first step is to ensure it's real. To do so, sign into appleid.apple.com and look for the threat notification at the top of the page. If Apple sent you one, you'll see it here. Otherwise, assume the message is fake. Apple says its alert will never ask you to click a link, open a file, or install an app or profile, so if the "alert" asks you to do this, ignore it. These are classic tactics to trick users into installing the very malware a true alert would try to protect you from.

The company also recommends you reach out to the non-profit Access Now and use their Digital Security Helpline. While they won't be able to offer you specific advice about your situation, they will be able to walk you through general steps to secure yourself.

Whether you receive an alert, or your work involves one of these at-risk positions, Apple strongly encourages you to enable Lockdown Mode on your Apple devices. Lockdown Mode restricts many of the basic functions of your Apple devices, to plug potential holes bad actors can exploit to compromise those devices. This includes blocking things like message attachment types, web technologies in Safari, and incoming FaceTime calls; removing your location from shared photos; and stopping configuration profiles from being installed.

As Lockdown Mode limits the features of your iPhone or Mac, it's not something that most people should use on a daily basis. However, for those who may be targeted by bad actors, it can be a great line of defense. You can follow our guide here to enable Lockdown Mode on your Apple devices to protect yourself.