Seeing a security alert can be a pretty scary experience. After all, if a hacker breaches your Apple account, then they could theoretically access all of your saved contact information, calendar, iCloud documents, and photos. However, Apple only sends security alerts via email or iMessage, or if you log in to its website directly. If you received an Apple security alert when browsing other sites, then it’s merely an attempt to trick you into giving up your login information. Today, we’ll explain how to spot a fake Apple alert and what you can do to block them going forward.
Looking for a way to enhance your online privacy in a matter of minutes? We recommend using a Virtual Private Network. VPNs encrypt all of your web traffic, keeping your browsing habits private. Some (like NordVPN) can block ads, trackers, and shady sites outright, so you shouldn’t encounter any more fake Apple alerts while connected.
WANT TO TRY THE TOP VPN RISK FREE?
NordVPN is offering a fully-featured risk-free 30-day trial if you sign up at this page. You can use the VPN rated #1 for Apple devices with no restrictions for a month. That’s perfect for anyone interested in digital privacy who wants to try before they buy.
There are no hidden terms—just contact support within 30 days if you decide NordVPN isn't right for you and you'll get a full refund. Start your NordVPN trial here.
What is the Apple security alert scam?
Essentially, this scam entails sending you a fraudulent Apple security alert. It may arrive via text message, email, or pop up window. Victims are often asked to log into a website in order to learn more or take preventative action. Of course, the website is designed to steal your login credentials, allowing hackers to take over your account.
It’s a fairly typical phishing attempt with dozens of variations. In some cases, you might be asked to call a phone number – the person on the other end of the line is still going to try to steal your login info but may also ask for additional information such as your full name, address, or date of birth to “confirm” your identity. Naturally, any information you provide will be used to try and break into your account or answer your password recovery questions.
There are a couple of different approaches the criminal can take, too. For instance, the fake Apple employee might try to get you to install remote screen-sharing software so they can provide “assistance”. Instead, they take control of your device and attempt to access your accounts. Alternatively, they might try to sell you software or a subscription to remove viruses; however, you were never really infected by a virus, and the software they install is either completely useless or designed to compromise your system.
How to tell if an Apple security alert is genuine
Let’s assume you’ve received a threat notification claiming to be from Apple. The company’s own website explains exactly how they’ll contact you if your account is under threat: email, iMessage, and a banner on their website when you log in.
If you received a security alert via any other method (including WhatsApp messages, SMS, pop-ups, or social media DMs), it’s fake and not to be trusted.
So far, so good. But how can you make sure that the alert is genuine if it arrived via email? After all, anyone could pretend to be Apple and send you an email. First, if you have multiple email addresses, check if the alert was sent to the email address linked to your Apple account. If not, it’s another fake and should be reported to reportphishing@apple.com.
Just because the alert was sent to your Apple email account doesn’t mean it’s legitimate, though. Unfortunately, no matter how official an email looks, you can’t take it at face value. After all, it’s extremely easy to make an email appear to be from a different sender or create links that look safe but actually lead to shady sites.
We’d advise against opening the email at all and instead, manually signing in at account.apple.com. If you have an actual security alert, you should see a message at the top of the screen.
How to stop getting fake Apple threat notifications
There are generally two ways you’ll encounter fake Apple security alerts: they’ll either be sent to you directly or you’ll encounter them while browsing the internet. Below, we’ll explain what you can do to minimize contact with these kinds of messages, thereby lowering your chance of falling for their tricks.
Stopping fake Apple alerts that arrive by email or text message
If you mostly receive fake Apple security warnings via email, you’re probably not being individually targeted. An estimated 3.4 billion spam emails are sent every day. If you receive a scam Apple alert, then mark it as spam and block the sender. Try to avoid opening these emails at all if you can, since many cybercriminals use tracking pixels to tell if you read their message or not (though these can be blocked if you activate Apple’s Protect Mail Activity feature in the settings). Naturally, users who consistently interact with spam emails are better targets for future spam campaigns.
If you’re receiving a high volume of Apple alert emails, then you may also want to set up an email filter. Sometimes, spammers will inadvertently help us by misspelling words. For instance, if they spell the company name “Appl”, we can simply block this term without worrying about missing genuine alerts. Just be aware that if you do block the word “Apple”, you won’t receive official security alerts via email anymore (though these will still be sent over iMessage, and the alert banner will remain on Apple’s website).
Stopping Apple security alerts that appear on websites or via pop-up
Remember: Apple will never show you a security alert on any website other than its own. As such, any threat notifications that show up elsewhere are fake. If you mostly encounter fake Apple alerts when browsing the web, good news: there’s a quick and easy fix.
Simply install an ad-blocker (whether it’s a standalone service or integrated into your browser, VPN, or antivirus app) and you’ll notice that most of them disappear immediately. We’d also recommend using a service (whether it’s a VPN, ad-blocker, or browser) with an integrated pop-up blocker.
Apple security alerts: Frequently Asked Questions
Am I getting Apple security alerts because of a virus?
This is possible, though not the most likely cause. The majority of fake security alerts are delivered via spam messages or malicious ads on less-reputable websites. Still, adware can’t be ruled out. Your best bet is to run a comprehensive virus scan and if it comes back clear, take steps to limit the number of scam alerts you receive (by blocking ads and flagging messages as spam).
How can I recognize a fake Apple security alert?
Criminals are very good at making their spam emails look genuine, but they often have several telltale signs that indicate they’re fake. Apple is a multi-billion dollar company, so they’re unlikely to send out an official email that’s riddled with typos, for instance.
As with most scams, fake Apple security alerts try to instill a sense of urgency in victims. If you feel rushed to make a decision regarding money, passwords, or personal info, then stop and take a moment to consider that it could be a scam.
We’d also suggest paying attention to whether the alert actually provides any personal information about you. Is it vague, with terms like “Dear customer” instead of your name? If the alert stresses with the consequences of inaction (“ACT NOW OR YOUR APPLE ID WILL BE LOCKED”), that’s a major red flag and all but guarantees the message is a fake.
Does Apple send security alerts on Safari?
No. Apple will never notify you of an account breach via browser popup, regardless of whether you’re using Safari, Chrome, or any other service. They have three ways of alerting you of problems: emailing the address linked to your Apple ID, sending an iMessage, and displaying a notification at the top of the Apple website once you’ve logged in. If you see a security alert anywhere else, then it’s fake and should not be engaged with.
Other Apple articles: