TLDR
Apple sends 'threat notification' emails + iCloud banners when it believes a user is targeted by state grade mercenary spyware (NSO Pegasus, Intellexa Predator, Paragon Graphite, etc). Often delivered via zero click iMessage / Photos /...
How it works
Apple sends 'threat notification' emails + iCloud banners when it believes a user is targeted by state grade mercenary spyware (NSO Pegasus, Intellexa Predator, Paragon Graphite, etc). Often delivered via zero click iMessage / Photos /...
Red flags
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What to do
- 1Tells: 1) email from threat notifications@apple.com (verify URL goes to apple.com); 2) iCloud login banner; 3) unusual battery drain / heat; 4) device feels 'sluggish' after a missed call or unknown iMessage; 5) FaceTime / iMessage shows 'unknown caller' attempts.
Source
Apple-Threat-Notification
Source reviewed by Mythos Forensic Team
https://support.apple.com/en-us/102174FAQ
Is Apple Threat Notification — mercenary spyware (Pegasus / Predator) zero click a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Urgent pressure to click, pay, or share codes immediately.; A link or sender that does not match the official organization.; Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What should I do first?
Tells: 1) email from threat notifications@apple.com (verify URL goes to apple.com); 2) iCloud login banner; 3) unusual battery drain / heat; 4) device feels 'sluggish' after a missed call or unknown iMessage; 5) FaceTime / iMessage shows 'unknown caller' attempts.
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.