Safer Web

How to get rid of a fake Apple security alert and why you’re seeing it

Ray Fernandez

Jul 17, 20237 min read

How to get rid of a fake Apple security alert and why you're seeing it (Header image)

Few things can be as scary and nerve-racking as getting an alert that says you have been hacked and that your private data may be at risk. When you get these types of messages, your instincts kick in. But before backing up your data, changing your passwords, or even hard-resetting your iPhone or Mac, you should learn what an Apple security threat alert notification really is.

Is the Apple security alert a scam?

If an Apple security alert appears as a pop-up in a web browser, the answer is always yes. It’s a scam. These phony alerts are a type of social engineering attack designed to trick you into giving away information or downloading malware. They are not system push notifications, nor are they real alerts from antimalware programs.

Why you’re getting an Apple security alert

If you are getting fake security alerts, the most likely scenario is that you have downloaded malware or a potentially unwanted program (PUP). By definition, PUPs are downloaded with your consent, but you may not know the full story of what the program is up to.

PUPs may lead to browser hijackers, adware, spyware, or other programs. They do not cause direct harm to your computer but can direct you to sites, downloads, and links that will. On the other hand, visiting a malicious site can also trigger fake Apple security alerts.

Finally, attackers may send you emails in which they attempt to pass as Apple security or support teams, urging that you click on a link, download a file, or respond with private data. Don’t fall for it.

Does Apple send threat notifications?

On rare occasions, Apple will send security notifications. For example, you will be notified if someone is trying to access your iCloud account, if you visit a non-secure site, or if you are targeted by State-sponsored attacks executed by cybercriminals directly linked to a foreign country. But note that in none of these cases will Apple notify you through a pop-up notification.

If Apple detects any of these security incidents, they will contact you via email and iMessage through the phone number associated with your user’s Apple ID. When you are browsing unsafe websites or attempting to download dangerous apps, Apple may warn you with a “Not Secure” or “Website Not Secure” message in the top center of your Safari browser.

Here are the main differences between fake and real Apple security alerts:

  • Attackers try to instill fear and a sense of urgency.
  • Fake alerts usually breach a system through pop-ups, not system notifications.
  • Apple rarely contacts you via email regarding security.
  • Apple official emails do not insist that you download a file or click a link.

There are several more ways to detect fake security alerts on your Apple devices. Let’s dive into them.

How to spot a fake Mac or iPhone security alert

Here are six key signs to look out for when dealing with security alert notifications. 

1. You are getting payment requests

Apple will never request payment through a security notification alert. Attackers design fake pop-up alerts and emails that create a false sense of crisis and later present the solution, which coincidently requires payment. 

2. Pop-ups, pop-ups, and more pop-ups

If your computer or phone is infected with malware or has a PUP, it will constantly flood you with pop-ups. In an attempt to create confusion and wear you out, attackers try to breach you with a technique called fatigue notification attacks. If you get a security notification pop-up and close it, only to get another and then another, you are being targeted by cybercriminals.

3. You are asked to share personal data like passwords

Cybercriminals launch security alert attacks to access systems, spread malware, and steal data or financial credentials. If a notification, an email, or someone on the phone asks you to share personal data — passwords, social security, or credit card information —  you should immediately disengage communications, block, and report the incident.

4. An urgent problem demands your immediate attention

Attackers know that when targeted users are calm and have time to think, they can see through their scams. Therefore, fake security notifications always insist on urgency. These alerts may even have fake timers on a countdown, insist that your data is at risk if you don’t take immediate action, or run fake antivirus scans. Ask yourself if it is normal for a real company to demand that you take action before giving you time to think about what is going on.

5. You are unexpectedly redirected to strange, unwanted sites

Browser hijacker malware is very effective and may redirect you to malicious sites you did not want to go to. You might be browsing the web and not even know that you are being redirected. Always check the URL, and verify that you have chosen that site. Criminals are also very effective at creating high-ranking unsafe sites in top web engine searches.

6. Your device is acting strangely

If your iPhone or Mac is slow, suddenly crashes, using too much power, or acting strangely, you should run a trusted antimalware program. Often, the first sign you will experience when being hacked or targeted is a gut feeling that something is wrong. Trust your instincts and pay close attention if your computer or phone is acting up.

How to remove the fake Apple security alert from your device

There are four things you need to do to remove fake Apple security alerts. The first is to delete any unwanted apps or programs. Second, you must remove all extensions from your browser. The third step is to clean your browser cache. Additionally, you must ensure that your system is up to date and scan your device with trusted antimalware. Here is a step-by-step to get this done.

Get rid of the fake Apple security alert on Mac

One important step is to uninstall suspicious macOS applications. Here’s how:

  1. Open the Finder.
  2. Select Applications from the left-side panel.
  3. Find any unwanted or strange apps.
  4. Right-click the app and select Move to Bin
  5. Enter your password to complete the action.

To remove unwanted Safari extensions:

  1. Open Safari.
  2. Click Safari, then Preferences.
  3. Open the Extensions tab.
  4. Search for anything that looks suspicious in the sidebar.
  5. Click Uninstall.
Get rid of the fake Apple security alert on Mac: Screenshot

Remove extensions in Firefox:

  1. Open Firefox.
  2. Click the menu icon (three horizontal lines), then Settings, and select Extensions & Themes.
  3. Find any suspicious extensions.
  4. Click … and Remove.

To remove extensions in Chrome:

  1. Open Google Chrome.
  2. Click the puzzle icon and select Manage Extensions.
  3. Find the extensions that should not be there and click Remove.
  4. Click Remove again to confirm.

Finally, you need to clear your browser cookies and cache. To clear your history and cookies on your Mac, Open Safari and click Clear History (in the menu bar top left of your screen). 

To do the same with Google Chrome, open Chrome, click Chrome in the menu bar (top-left corner), then choose Clear Browsing Data and pick a time range. You can also select All Time. Choose what data to clear with the checkboxes and click Clear Data.

Firefox has a similar process for removing cookies and clearing the cache. On your Mac, open Firefox and click History in the menu bar (top left of your screen). Click Clear Recent History, select the timeframe, choose what data to remove, and click OK.

Finally, running a professional and trusted antimalware is essential for Macs. CleanMyMac X, powered by Moonlock Engine, will delete any malware or PUP that triggers security alters on your Mac. You can also find and remove any unwanted files the malware or PUP created.

The Malware Removal module in CleanMyMac X, powered by Moonlock Engine

Get rid of the security alert pop-up on your iPhone

To remove annoying and potentially dangerous security pop-up alerts on your iPhone, the process is very similar. Some apps will install root certificates on your phone to monitor your data and modify your system, so you need to delete that as well. 

To remove unwanted apps and configuration profiles:

  1. In your iPhone or iPad, touch and hold the app until it jiggles.
  2. Tap the delete button in the upper-left corner.
  3. If you get a message that says, “Deleting this app will also delete its data,” select Delete.
  4. Now remove the app’s configuration profile by going to Settings, General, and then Profiles or Profiles & Device Management.
  5. Tap the app’s configuration profile.
  6. Then tap Delete Profile. Enter your passcode if asked, and then tap Delete.
  7. Restart your iPhone, iPad, or iPod touch.

You will also need to delete the history, cache, and cookies on your iPhone.

Clear your data in Safari

If using Safari, go to Settings and tap Clear History and Website Data. You can also block cookies for further protection by tapping Settings, selecting Safari, and turning on Block All Cookies.

To remove the Safari web extension on iPhone or iPad:

  1. Go to Settings, choose Safari, and select Extensions.
  2. Turn off any extension that shouldn’t be there.
  3. Go to the Home screen and find the name of the extension you just turned off. It should appear as an App.
  4. Delete the app by long-pressing the icon and tapping the Remove App button from the menu.
  5. Confirm the deletion by tapping Yes to delete the app’s data.

Clear your data in Google Chrome

To remove the cache in the Google Chrome app:

  1. Open the Chrome app.
  2. At the bottom, tap More More.
  3. Tap History and then Clear browsing data.
  4. Confirm that the Cookies, Site Data, Cached Images, and Files boxes are checked.
  5. Tap Clear browsing data.

In Google Chrome, you can remove extensions by selecting the More menu icon (three dots in the upper-right corner), tapping Extensions, and then selecting the trash can icon next to the extension you want to remove. Remember to search for the extensions installed in your browser. They should appear in your App Library.

To remove the cache for the Firefox app, follow the same steps listed above for removing the Firefox cache on Mac computers.

After you have gone through all these steps, restart your phone and make sure it is up to date.

Overall, remember that Apple will never alert you that your computer, phone, or tablet has been hacked via a pop-up notification. Don’t fall for these scams. And don’t forget to take the proper steps to remove the source of the problem to stay safe in the future.

Ray Fernandez Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.