Apple is issuing threat notifications to users who it believed were victims of ‘state-sponsored attacks’. It has also published a support page about what this notification will look like for users.
How Apple Will Alert You
According to an Apple support document the company plans on issuing the threat alerts in two ways. The first involves displaying a threat notification at the top of the page when a user signs into appleid.apple.com where they can manage their account.
The second involves Apple sending an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.“These notifications provide additional steps that notified users can take to help protect their devices,” the company said. To stay protected, the support page advise users to update their devices to latest version, use multi-factor authentication on their online accounts, and avoid clicking on links and attachments from unknown senders.
It's also important to be on guard against hackers attempting to spoof, Apple’s threat system by sending you a fake email or iMessage impersonating the company. As a result, Apple points out that the “threat notifications will never ask you to click any links, open files, install apps or profiles, or provide your Apple ID password or verification code by email or on the phone.“To verify that an Apple threat notification is genuine, sign in to appleid.apple.com. If Apple sent you a threat notification, it will be clearly visible at the top of the page after you sign in.Apple isn’t disclosing how it’s trying to detect the state-sponsored hacking activities since the information may help the attackers evade detection. The company also notes “detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete.
All users should continue to protect themselves from cybercriminals and consumer malware by following best practices for security:
Update devices to the latest software, as that includes the latest security fixes
Protect devices with a passcode
Use two-factor authentication and a strong password for Apple ID
Install apps from the App Store
Use strong and unique passwords online
Don’t click on links or attachments from unknown senders
If you have not received an Apple threat notification, but have good reason to believe you may be targeted, you can enable Lockdown Mode on your Apple devices to help protect against highly sophisticated attacks.