How to get rid of a fake Apple security alert and why you’re seeing it

Few things are as scary and nerve-racking as getting an alert that says you have been hacked and your private data may be at risk. When you get these types of messages, your instincts kick in. 

But don’t fret just yet. Before backing up your data, changing your passwords, or even hard-resetting your iPhone or Mac, you should learn what an Apple security threat alert notification really is. You might not be seeing a legitimate notification at all.

Read on to find out what an Apple security alert is, how to spot a fake one, and how to stop getting fake Apple security warnings.

What is the Apple Security Alert scam?

An Apple security alert scam is a pop-up designed to trick you into thinking it’s a legitimate security warning from Apple. The goal of this scam is usually to get you to click on a sketchy link.

If you click on the fake Apple security alert, you’ll be directed to a phishing site or a site that encourages you to download malware. It might say that your device is infected and that you need to download some software to clean it, or it might ask you to enter your Apple ID and password, email address and password, or even your banking information.

Whether the website lures you into downloading something or entering information, the goal is usually to steal your data for identity theft, ransom, or straight-up theft of your money.

Stay on top of cyber threats

Get cybersecurity news and lifehacks in our quick-to-the-point newsletter

Join the Newsletter

Done!

Sorry, this email doesn’t look right. Could you double-check it?

We’ve sent you a confirmation email, please take a look.

Thanks for subscribing!

We’ve sent you a confirmation email, please take a look.

Are there any real Apple Security Alerts?

Yes, it’s possible to receive an Apple security alert, but it’s rare. 

Apple might send you an email or iMessage that warns you about a security threat in specific and rare circumstances, such as when you’re being targeted by a malicious foreign state actor, but pop-up Apple and iOS security alerts are always fake.

Why you’re getting an Apple security alert pop-up

If you’re frequently seeing Apple security alerts on iPhone or Mac, this is probably because you have malicious software, such as a browser extension, installed on your device. The malware is trying to get you to click on the pop-up alert and visit a sketchy site. Alternatively, you might see malicious text message or email notifications from attackers pretending to be Apple. Here are the main reasons why you’re seeing Apple security alert pop-ups.

• PUP: If you’re getting fake security alerts, the most likely scenario is that you’ve downloaded malware or a potentially unwanted program (PUP), such as a browser extension. PUPs are technically downloaded with your consent, but you might not know exactly what the program is up to, or you might have agreed to install it without realizing it. PUPs may lead you to install browser hijackers, adware, spyware, or other malware. They don’t cause direct harm to your computer but can direct you to sites, downloads, and links that do. Giving you a fake Mac or iOS security alert is one way a PUP might do this.
• Phishing: Attackers may send you emails in which they attempt to pass as Apple security or support teams, urging you to click on a link, download a file, or respond with private data. This is an example of phishing, which is the attempt to trick you into divulging your personal information by pretending to be someone you trust, such as Apple. These emails might pop up as notifications on your phone, making you think they’re Apple security alerts. Or, you might visit the phishing link, and it might download malware that makes fake security alerts start popping up.
• Smishing: Smishing is like phishing, but done over text message instead of email. One kind of Apple security alert scam you might get on your iPhone uses smishing. An attacker might send you a text message claiming to be from Apple, attempting to get you to click on a link to restore your device to good health.

Does Apple send threat notifications?

On rare occasions, Apple will send security notifications. For example, you will be notified if someone is trying to access your iCloud account, if you visit a non-secure site, or if you are targeted by State-sponsored attacks executed by cybercriminals directly linked to a foreign country. But note that in none of these cases will Apple notify you through a pop-up notification.

If Apple detects any of these security incidents, they will contact you via email and iMessage through the phone number associated with your user’s Apple ID. When you are browsing unsafe websites or attempting to download dangerous apps, Apple may warn you with a “Not Secure” or “Website Not Secure” message in the top center of your Safari browser.

Here are the main differences between fake and real Apple security alerts:

• Attackers try to instill fear and a sense of urgency.
• Fake alerts usually breach a system through pop-ups, not system notifications.
• Apple rarely contacts you via email regarding security.
• Apple official emails do not insist that you download a file or click a link.

There are several more ways to detect fake security alerts on your Apple devices. Let’s dive into them.

How to spot a fake Mac or iPhone security alert

Apple security alert scams are pretty easy to spot because almost all security alerts, whether it’s an iPhone virus warning, a Mac’s hack alert, or anything in between, are fake. Nevertheless, there are some sure signs to look out for that suggest you’re looking at a scam rather than a real Apple message. Here are six key security alert notification signs to look out for. 

1. You are getting payment requests

Apple will never request payment through a security notification alert. Attackers design fake pop-up alerts and emails that create a false sense of crisis and later present the solution, which coincidently requires payment. 

2. Pop-ups, pop-ups, and more pop-ups

If your computer or phone is infected with malware or has a PUP, it will constantly flood you with pop-ups. In an attempt to create confusion and wear you out, attackers try to breach you with a technique called fatigue notification attacks. If you get a security notification pop-up and close it, only to get another and then another, you are being targeted by cybercriminals.

3. You are asked to share personal data like passwords

Cybercriminals launch security alert attacks to access systems, spread malware, and steal data or financial credentials. If a notification, an email, or someone on the phone asks you to share personal data — passwords, social security, or credit card information —  you should immediately disengage communications, block, and report the incident.

4. An urgent problem demands your immediate attention

Attackers know that when targeted users are calm and have time to think, they can see through their scams. Therefore, fake security notifications always insist on urgency. These alerts may even have fake timers on a countdown, insist that your data is at risk if you don’t take immediate action, or run fake antivirus scans. Ask yourself if it is normal for a real company to demand that you take action before giving you time to think about what is going on.

5. You are unexpectedly redirected to strange, unwanted sites

Browser hijacker malware is very effective and may redirect you to malicious sites you did not want to go to. You might be browsing the web and not even know that you are being redirected. Always check the URL, and verify that you have chosen that site. Criminals are also very effective at creating high-ranking unsafe sites in top web engine searches.

6. Your device is acting strangely

If your iPhone or Mac is slow, suddenly crashes, using too much power, or acting strangely, you should run a trusted antimalware program. Often, the first sign you will experience when being hacked or targeted is a gut feeling that something is wrong. Trust your instincts and pay close attention if your computer or phone is acting up.

How to remove the fake Apple security alert

There are four things you need to do to remove fake Apple security alerts. The first is to delete any unwanted apps or programs. Second, you must remove all extensions from your browser. The third step is to clean your browser cache. Additionally, you must ensure that your system is up to date and scan your device with trusted antimalware. Here is a step-by-step to get this done.

Get rid of the fake Apple security alert on Mac

One important step is to uninstall suspicious macOS applications. Here’s how:

1. Open the Finder.
2. Select Applications from the left-side panel.
3. Find any unwanted or strange apps.
4. Right-click the app and select Move to Bin
5. Enter your password to complete the action.

To remove unwanted Safari extensions:

1. Open Safari.
2. Click Safari, then Preferences.
3. Open the Extensions tab.
4. Search for anything that looks suspicious in the sidebar.
5. Click Uninstall.

Remove extensions in Firefox:

1. Open Firefox.
2. Click the menu icon (three horizontal lines), then Settings, and select Extensions & Themes.
3. Find any suspicious extensions.
4. Click … and Remove.

To remove extensions in Chrome:

1. Open Google Chrome.
2. Click the puzzle icon and select Manage Extensions.
3. Find the extensions that should not be there and click Remove.
4. Click Remove again to confirm.

Finally, you need to clear your browser cookies and cache. To clear your history and cookies on your Mac, Open Safari and click Clear History (in the menu bar top left of your screen). 

To do the same with Google Chrome, open Chrome, click Chrome in the menu bar (top-left corner), then choose Clear Browsing Data and pick a time range. You can also select All Time. Choose what data to clear with the checkboxes and click Clear Data.

Firefox has a similar process for removing cookies and clearing the cache. On your Mac, open Firefox and click History in the menu bar (top left of your screen). Click Clear Recent History, select the timeframe, choose what data to remove, and click OK.

Finally, running a professional and trusted antimalware is essential for Macs. CleanMyMac X, powered by Moonlock Engine, will delete any malware or PUP that triggers security alters on your Mac. You can also find and remove any unwanted files the malware or PUP created.

Get rid of the Apple security alert pop-up on your iPhone

To remove annoying and potentially dangerous security pop-up alerts on your iPhone, the process is very similar. Some apps will install root certificates on your phone to monitor your data and modify your system, so you need to delete that as well. 

To remove unwanted apps and configuration profiles:

1. In your iPhone or iPad, touch and hold the app until it jiggles.
2. Tap the delete button in the upper-left corner.
3. If you get a message that says, “Deleting this app will also delete its data,” select Delete.
4. Now remove the app’s configuration profile by going to Settings, General, and then Profiles or Profiles & Device Management.
5. Tap the app’s configuration profile.
6. Then tap Delete Profile. Enter your passcode if asked, and then tap Delete.
7. Restart your iPhone, iPad, or iPod touch.

You will also need to delete the history, cache, and cookies on your iPhone.

Clear your data in Safari

If using Safari, go to Settings and tap Clear History and Website Data. You can also block cookies for further protection by tapping Settings, selecting Safari, and turning on Block All Cookies.

To remove the Safari web extension on iPhone or iPad:

1. Go to Settings, choose Safari, and select Extensions.
2. Turn off any extension that shouldn’t be there.
3. Go to the Home screen and find the name of the extension you just turned off. It should appear as an App.
4. Delete the app by long-pressing the icon and tapping the Remove App button from the menu.
5. Confirm the deletion by tapping Yes to delete the app’s data.

Clear your data in Google Chrome

To remove the cache in the Google Chrome app:

1. Open the Chrome app.
2. At the bottom, tap More More.
3. Tap History and then Clear browsing data.
4. Confirm that the Cookies, Site Data, Cached Images, and Files boxes are checked.
5. Tap Clear browsing data.

In Google Chrome, you can remove extensions by selecting the More menu icon (three dots in the upper-right corner), tapping Extensions, and then selecting the trash can icon next to the extension you want to remove. Remember to search for the extensions installed in your browser. They should appear in your App Library.

To remove the cache for the Firefox app, follow the same steps listed above for removing the Firefox cache on Mac computers.

After you have gone through all these steps, restart your phone and make sure it is up to date.

If you’re seeing Apple warning messages about your device’s security, rest assured that these are almost certainly fake. Remember that Apple will never alert you that your computer, phone, or tablet has been hacked via a pop-up notification.

These pop-up alerts, far from being legitimate, are a common kind of Apple security alert scam. The most important thing to do if you’re seeing these pop-ups is to determine the cause and remove it from your device. This will usually be a PUP (potentially unwanted program), such as a browser extension you installed by accident. You should also report any phishing emails or text messages you receive, including those pretending to be from Apple.