How to get rid of a fake Apple security alert and why you’re seeing it

For years, Macs were believed to be immune to malware. Naturally, Mac users learned to trust their computers, including the notifications they show. So when an Apple security alert appears, people don’t question it and don’t look for red flags. Unfortunately, bad actors have learned to exploit this trust and now use it regularly to lure Mac users into downloading malware or giving away sensitive information.

Apple security alert scams are more widespread than ever, and they become more sophisticated and versatile each day. Read on to find out what an Apple security alert is, how to spot a fake one, and how to stop getting fake Apple security warnings.

What is the Apple Security Alert scam?

An Apple security alert scam is a pop-up designed to trick you into thinking it’s a legitimate security virus warning from Apple. The goal of this scam is usually to get you to click on a sketchy link, enter your password, or grant access to your device – this list is not exhaustive.

Stay on top of cyber threats

Get cybersecurity news and lifehacks in our quick-to-the-point newsletter

Done!

Sorry, this email doesn’t look right. Could you double-check it?

We’ve sent you a confirmation email, please take a look.

Thanks for subscribing!

We’ve sent you a confirmation email, please take a look.

If you click on the fake Apple security alert, you’ll be directed to a phishing site or a site that encourages you to download malware. It might say that your device is infected and that you need to download some software to clean it, or it might ask you to enter your Apple ID and password, email address and password, or even your banking information.

Whether the website lures you into downloading something or entering information, the goal is usually to steal your data for identity theft, ransom, or straight-up theft of your money.

Are there any real Apple Security Alerts?

Yes, it’s possible to receive an Apple security alert, but it’s rare. 

Apple might send you an email or iMessage that warns you about a security threat in specific and rare circumstances, such as when you’re being targeted by a malicious foreign state actor, but pop-up Apple and iOS security alerts are always fake.

Why you’re getting an Apple security alert pop-up

If you’re frequently seeing Apple security alerts on iPhone or Mac, this is probably because you have malicious software, such as a browser extension, installed on your device. The malware is trying to get you to click on the Apple virus warning alert and visit a sketchy site. Alternatively, you might see malicious text message or email notifications from attackers pretending to be Apple. Here are the main reasons why you’re seeing Apple security alert pop-ups.

• PUA: If you’re getting fake security alerts, the most likely scenario is that you’ve downloaded a potentially unwanted application (PUA), such as a browser extension. PUAs are technically downloaded with your consent, but you might not know exactly what the program is up to, or you might have agreed to install it without realizing it. PUAs may lead you to install browser hijackers, adware, spyware, or other malware. They don’t cause direct harm to your computer but can direct you to sites, downloads, and links that do. Giving you a fake Mac or iOS security alert is one way a potentially unwanted application might do this.
• Phishing: Attackers may send you emails in which they attempt to pass as Apple security or support teams, urging you to click on a link, download a file, or respond with private data. This is an example of phishing, which is the attempt to trick you into divulging your personal information by pretending to be someone you trust, such as Apple. These emails might pop up as notifications on your phone, making you think they’re Apple security alerts. Or, you might visit the phishing link, and it might download malware that makes fake security alerts start popping up.
• Smishing: Smishing is like phishing, but done over text message instead of email. One kind of Apple security alert scam you might get on your iPhone uses smishing. An attacker might send you a text message claiming to be from Apple, attempting to get you to click on a link to restore your device to good health.

If you see a suspicious alert, don’t act immediately. Pause, reflect, and stay calm before deciding what to do.

Mykhailo Hrebeniuk, Moonlock Lab expert

Does Apple send threat notifications?

On rare occasions, Apple will send security notifications. For example, you will be notified if someone is trying to access your iCloud account, if you visit a non-secure site, or if you are targeted by State-sponsored attacks executed by cybercriminals directly linked to a foreign country. But note that in none of these cases will Apple notify you through a pop-up notification.

If Apple detects any of these security incidents, they will contact you via email and iMessage through the phone number associated with your user’s Apple ID. When you are browsing unsafe websites or attempting to download dangerous apps, Apple may warn you with a “Not Secure” or “Website Not Secure” message in the top center of your Safari browser.

Here are the main differences between fake and real Apple security alerts:

• Attackers try to instill fear and a sense of urgency.
• Apple security scam alerts usually breach a system through pop-ups, not system notifications.
• Apple rarely contacts you via email regarding security.
• Apple official emails do not insist that you download a file or click a link.

There are several more ways to detect fake security alerts on your Apple devices. Let’s dive into them.

How to spot a fake Mac or iPhone security alert

Apple security alert scams are pretty easy to spot because almost all security alerts, whether it’s an iPhone virus warning, a Mac’s hack alert, or anything in between, are fake. Nevertheless, there are some sure signs to look out for that suggest you’re looking at a scam rather than a real Apple message. Here are six key security alert notification signs to look out for. 

1. Payment requests are a big sign of a fake Apple virus warning

Apple will never request payment through a security notification alert. Attackers design fake pop-up alerts and emails that create a false sense of crisis and later present the solution, which coincidently requires payment. 

Ask yourself: Why am I seeing this message, what emotions is it triggering, and what is it pushing me to do?

Mykhailo Hrebeniuk, Moonlock Lab expert

2. Pop-ups, pop-ups, and more pop-ups

If your computer or phone is infected with malware or has a PUA, it will constantly flood you with pop-ups. In an attempt to create confusion and wear you out, attackers try to breach you with a technique called fatigue notification attacks. If you get a security notification pop-up and close it, only to get another and then another, you are being targeted by cybercriminals.

3. You are asked to share personal data like passwords

Cybercriminals launch security alert attacks to access systems, spread malware, and steal data or financial credentials. If a notification, an email, or someone on the phone asks you to share personal data — passwords, social security, or credit card information —  you should immediately disengage communications, block, and report the incident.

4. An urgent problem demands your immediate attention

Attackers know that when targeted users are calm and have time to think, they can see through their scams. Therefore, fake security notifications always insist on urgency. These Apple security alerts may even have fake timers on a countdown, insist that your data is at risk if you don’t take immediate action, or run fake antivirus scans. Ask yourself if it is normal for a real company to demand that you take action before giving you time to think about what is going on.

5. You are unexpectedly redirected to strange, unwanted sites

Browser hijacker malware is very effective and may redirect you to malicious sites you did not want to go to. You might be browsing the web and not even know that you are being redirected. Always check the URL, and verify that you have chosen that site. Criminals are also very effective at creating high-ranking unsafe sites in top web engine searches.

Social engineering relies on rushed decisions. Even a short pause can shift your reaction from emotional to logical.

Mykhailo Hrebeniuk, Moonlock Lab expert

6. Fraudulent support calls

If you get a call from the Apple support team claiming that there’s suspicious activity on your device, hang up right away. Real Apple representatives only contact you if you’ve requested help yourself. If you’re worried about your digital security, check out devices tied to your iCloud and remove any that don’t belong to you. Change your Apple Account password and report the fraudulent support call to reportfraud.ftc.gov.

How to remove the fake Apple security alert

There are four things you need to do to remove fake Apple security alert scam. The first is to delete any unwanted apps or programs. Second, you must remove all extensions from your browser. The third step is to clean your browser cache. Additionally, you must ensure that your system is up to date and scan your device with trusted antimalware. Here is a step-by-step to get this done.

Get rid of the fake Apple security alert automatically from your Mac

To save you time and effort of wandering across different apps and their settings, run your anti-malware software. It’ll help you get rid of the fake Apple security warning. 

We recommend using a virus scanner that’s designed specifically for Mac computers, because other cybersecurity apps might just be too focused on Windows malware and not have the latest macOS samples in their database.

Moonlock is the perfect choice for finding and neutralizing fake Apple security alerts. It was built specifically for Mac and it has tunnel vision for Mac-specific threats.

Here’s how you can use it to find and remove malware causing the fake alerts without much effort:

1. Sign up for a free 7-day trial of Moonlock
2. Open Moonlock, then click on Malware Scanner in the sidebar.
3. Choose the depth of the scan. Deep leaves no byte unturned, Quick checks the most vulnerable folders, and Balanced is in the middle of this scale.
4. Hit Scan. 
5. When the scan is complete, Moonlock might recommend you open Quarantine. It means that it found something sketchy. 
6. Review the files in Quarantine. If you don’t need or recognize them, click Remove.

After the scan, make sure that Moonlock’s real-time protection is active. This way, if new malware tries to sneak in, Moonlock will counterattack it without you even lifting a finger.

How to remove the Apple security warning manually on the Mac

One important step is to uninstall suspicious macOS applications. Here’s how:

1. Open the Finder.
2. Select Applications from the left-side panel.
3. Find any unwanted or strange apps.
4. Right-click the app and select Move to Bin
5. Enter your password to complete the action.

To remove unwanted Safari extensions:

1. Open Safari.
2. Click Safari, then Preferences.
3. Open the Extensions tab.
4. Search for anything that looks suspicious in the sidebar.
5. Click Uninstall.

To remove extensions in Chrome:

1. Open Google Chrome.
2. Click the puzzle icon and select Manage Extensions.
3. Find the extensions that should not be there and click Remove.
4. Click Remove again to confirm.

Remove extensions in Firefox:

1. Open Firefox.
2. Click the menu icon (three horizontal lines), then Settings, and select Extensions & Themes.
3. Find any suspicious extensions.
4. Click … and Remove.

Finally, you need to clear your browser cookies and cache. To clear your history and cookies on your Mac, Open Safari and click Clear History (in the menu bar top left of your screen). 

To do the same with Google Chrome, open Chrome, click Chrome in the menu bar (top-left corner), then choose Clear Browsing Data and pick a time range. You can also select All Time. Choose what data to clear with the checkboxes and click Clear Data.

Firefox has a similar process for removing cookies and clearing the cache. On your Mac, open Firefox and click History in the menu bar (top left of your screen). Click Clear Recent History, select the timeframe, choose what data to remove, and click OK.

Get rid of the Apple security alert pop-up on your iPhone

To remove annoying and potentially dangerous security pop-up alerts on your iPhone, the process is very similar. Some apps will install root certificates on your phone to monitor your data and modify your system, so you need to delete that as well. 

To remove unwanted apps and configuration profiles:

1. In your iPhone or iPad, touch and hold the app until it jiggles.
2. Tap the delete button in the upper-left corner.
3. If you get a message that says, “Deleting this app will also delete its data,” select Delete.
4. Now remove the app’s configuration profile by going to Settings, General, and then Profiles or Profiles & Device Management.
5. Tap the app’s configuration profile.
6. Then tap Delete Profile. Enter your passcode if asked, and then tap Delete.
7. Restart your iPhone, iPad, or iPod touch.

You will also need to delete the history, cache, and cookies on your iPhone.

Clear your data in Safari

If using Safari, go to Settings and tap Clear History and Website Data. You can also block cookies for further protection by tapping Settings, selecting Safari, and turning on Block All Cookies.

To remove the Safari web extension on iPhone or iPad:

1. Go to Settings, choose Safari, and select Extensions.
2. Turn off any extension that shouldn’t be there.
3. Go to the Home screen and find the name of the extension you just turned off. It should appear as an App.
4. Delete the app by long-pressing the icon and tapping the Remove App button from the menu.
5. Confirm the deletion by tapping Yes to delete the app’s data.

Clear your data in Google Chrome

To remove the cache in the Google Chrome app:

1. Open the Chrome app.
2. At the bottom, tap More More.
3. Tap History and then Clear browsing data.
4. Confirm that the Cookies, Site Data, Cached Images, and Files boxes are checked.
5. Tap Clear browsing data.

In Google Chrome, you can remove extensions by selecting the More menu icon (three dots in the upper-right corner), tapping Extensions, and then selecting the trash can icon next to the extension you want to remove. Remember to search for the extensions installed in your browser. They should appear in your App Library.

To remove the cache for the Firefox app, follow the same steps listed above for removing the Firefox cache on Mac computers.

After you have gone through all these steps, restart your phone and make sure it is up to date.

The hidden dangers behind fake Apple security alerts

Occasionally we hear about zero-day threats making headlines — how bad actors exploited a previously unknown vulnerability — and Apple urging everyone to update their devices. With stories like these in mind, it’s only natural to react to an Apple security alert, click on it to learn more. The consequences, however, are opposite from the peace of mind that we hoped to get after clicking:

Malware infection

Malware is often what hides behind a fake Apple security alert. Victims are led to a sketchy website designed to trick them into downloading even more dangerous malware than the one that had caused the fake security pop-ups to appear in the first place.

Apple Account takeover

macOS often asks for your user account credentials, a familiar prompt most of us trust without hesitation. Apple security alert scams exploit that trust, mimicking the same system window to harvest credentials. Once you enter your name and password, your Apple account can be taken hostage, opening the door to extortion and the next danger on our list.

Theft of personal and financial data

If you accidentally provide scammers with credentials to your Apple Account, they might figure out how to get to your billing address and banking information. Or, they might lure you into entering these sensitive details, pretending to be from Apple support.

Password leaks and chain infection

By mimicking a genuine macOS security alert, scammers can prompt unsuspecting victims to reveal their Mac user passwords. If they rely on the built-in Passwords app, that single password unlocks access to everything stored inside — from the victims’ email to social and banking accounts. With that access, attackers will impersonate them and spread the same scam among their contacts.

How to protect your devices from an Apple security alert scam

A few simple tips can help you keep scammers and fake-notification malware at bay. Here’s what you can do:

Make sure system updates are on

When a vulnerability is discovered on an Apple device, the company quickly releases a security update for all users. That’s why it’s best to keep automatic updates turned on for Macs, iPhones, and iPads. 

Make a habit of checking your system settings now and then to ensure system, app, and security response updates are enabled. For those who own a Mac, Moonlock’s System Protection can check these and other key security settings for you automatically.

Here’s how Moonlock reminds you to turn on macOS software updates:

1. Open Moonlock.
2. Click System Protection on the left, then hit Run. 
3. Moonlock will show you how many security settings on your Mac need better (and safer!) configurations. Click Review.
4. You’ll see a list of all macOS security tools: some of them are already set up and marked as Done — and some have no labels attached. Follow their step-by-step instructions on how to make your Mac more secure.
5. Once you finish the last step of each instruction, click Send for Check. Moonlock will remember to review the changes in the system settings.
6. Click Check in the bottom-right corner after you went through all the security tools in the list. Moonlock will see if all are configured to your advantage.

All security patches from Apple will be installed on your Mac if you have all updates enabled. Moonlock will help you find them and fine-tune, so you’re always confident that you have the latest protection against zero-day and other threats.

Run anti-malware protection in the background

To make sure that no PUP and no virus scares you with fake Apple security warnings, install anti-malware apps with a background scanner. Every time when a malicious app tries to get its claws on your Mac or iPhone, the scanner will instantly block and remove it. 

For Mac computers, Moonlock does this job perfectly. Its real-time protection feature gets updated regularly based on real macOS malware investigations by Moonlock Lab. When a new threat is discovered, Moonlock’s real-time protection is already prepared to stop it at the first sight.

Use an ad blocker

Apple security alert scams pretty often spread through browser pop-ups. If you visit websites with tons of ads, you might have seen them in action. 

A simple ad blocker can save you from an unfortunate mislick or a very convincing system notification designed to trigger emotion. This tip might sound mundane but sometimes such little actions can make a big difference in your digital security.

If you’re seeing Apple warning messages about your device’s security, rest assured that these are almost certainly fake. Remember that Apple will never alert you that your computer, phone, or tablet has been hacked via a pop-up notification.

These pop-up alerts, far from being legitimate, are a common kind of Apple security alert scam. The most important thing to do if you’re seeing these pop-ups is to determine the cause and remove it from your device. This will usually be a PUA (potentially unwanted application), such as a browser extension you installed by accident. You should also report any phishing emails or text messages you receive, including those pretending to be from Apple.