Don’t Fall for These Scam “notifications” on Your Mac

You’re minding your own business, doing some work on your Mac, when all of a sudden you get a notification from System Preferences: Your iCloud has been hacked! Click here to remove the virus. Wait, though: any program that tells you to “click here” to “remove a virus” is lying to you and cannot be trusted. But the fact that this is coming as a notification and not a shady email or text message is worrying. What’s happening?

I first became aware of the issue from this Reddit post from user ActivityHoliday . In their post, they say they recently uploaded a converted audio file, only to see this notification when they repeat:

This is not a popup that anyone wants to see, especially someone who doesn’t have a lot of experience with computers or cybersecurity.

Here’s your first red flag: Apple will never warn you about a security breach this way. The exclamation mark is a dead giveaway, but then again, no legitimate company or service will tell you “click here to remove a virus”. If Apple detects a security breach in your iCloud account, you will most likely receive an email or warning that reads: “Your Apple ID was used to sign in to iCloud on a Windows PC.”

But there is an easy way to see where the warning is coming from. Of course, at first glance, this seems to come directly from the iCloud section of System Preferences, given the big System Preferences icon and all. But as isommers1 Redditor points out in this Reddit thread, you can tell exactly where a notification came from by right-clicking it. I also didn’t know it was a feature: when I tested it on my existing Mac notifications, I could see that the reminder alert said “Reminder Notification”, the Slack alerts said “Slack Notifications”, and the Mail notifications it was written “Mail notifications”.

While the OP never answered, if they had right-clicked on that notification they would probably have seen “Safari Notifications” rather than “System Preferences Notifications”. Given the context, the notifications are likely coming from the website they downloaded the audio clip from, as they said there were no notifications before.

The next step is to ignore and dismiss this scam notification, exit Safari and restart it. This is enough to prevent receiving warnings. However, while right-clicking is perfectly safe to check the source of a notification, left-clicking is not. By clicking on this notification, you can go to a site that is trying to sell you their solution to your “virus problem”, but in reality is trying to either steal information from you or install malware on your device.

In short: when in doubt, don’t click.

More…

Leave a Reply