Don't Fall for These Scam 'Notifications' on Your Mac

You’re minding your own business, getting some work done on your Mac, when all of a sudden, you receive a notification from System Settings: Your iCloud is being hacked! Click here to remove the virus. Hold up, though: Any...

Don't Fall for These Scam 'Notifications' on Your Mac

Image for article titled Don't Fall for These Scam 'Notifications' on Your Mac

Photo: GaudiLab (Shutterstock)

You’re minding your own business, getting some work done on your Mac, when all of a sudden, you receive a notification from System Settings: Your iCloud is being hacked! Click here to remove the virus. Hold up, though: Any program telling you to “click here” to “remove the virus” is lying to you, and shouldn’t be trusted. But the fact that this is coming as a notification, rather than a shady email or text message, is concerning. What’s going on?

I first learned about the issue from this Reddit post from user ActivityHoliday. In their post, they say they recently downloaded a converted sound file, only to encounter this notification on repeat:

Image for article titled Don't Fall for These Scam 'Notifications' on Your Mac

Image: ActivityHoliday/Reddit

It’s not a pop-up anyone wants to see, least of which anyone without much experience with computers or cybersecurity.

Here’s your first red-flag: Apple would never alert you to a security breach this way. The exclamation point is a dead giveaway, but again, no legitimate company or service will tell you to “click here to remove the virus.” If Apple does detect a security breach with your iCloud account, you’ll likely receive an email or alert along the lines of: “Your Apple ID was used to sign in to iCloud on a Windows PC.”

G/O Media may get a commission

But there’s an easy way to see where the alert is coming from. Sure, from first glance, it looks like it’s coming directly from the iCloud section of System Settings, given the big System Settings icon and all. But as Redditor isommers1 points out in that Reddit thread, you can tell exactly where the notification came from by right-clicking on it. I didn’t know this was a feature, either: When I tested it out on my existing Mac notifications, I could see that a Reminders alert said “Reminders Notification,” Slack alerts said “Slack Notifications,” and Mail notifications read, “Mail Notifications.”

While OP never responded, had they right-clicked on that notification, they probably would have seen “Safari Notifications” rather than “System Settings Notifications.” Given the context, the notifications are probably coming from the website they downloaded the audio clip from, since they said the alerts weren’t happening before that.

The next step, then, would be to ignore and dismiss this scammy notification, quit Safari, and relaunch it. That’s enough to stop the alerts from coming through. However, while a right-click is perfectly safe to test the origin of the notification, a left click isn’t. Clicking on that notification might take you to a site that is attempting to sell you on its solution to your “virus problem,” but really is trying to either steal information from you or install malware on your device.

Long story short: When in doubt, don’t click.