Fake iCloud phishing screen - how to remove

Norton Security | Norton Internet Security
1

I carelessly clicked on a link in an email directing me to my Apple account (I am using Win11), and although I quickly realized my error and changed my password, I now have a persistent fake iCloud nag screen trying to get me to change my password. The link is trying to take me to a site called “iforgot.apple” which is a phishing site. It is persistent and will pop back up if i close the window (even through Task Manager). I tried Norton’s app Power Erasure - no hits. Also did a full system scan.

What to do? Thanks.

2

1566
1566619×375 82.1 KB

1567
1567628×380 89.8 KB

Product & version number:
OS details:
Error message:
Supporting screenshots: Show details
Do not post personally identifiable information:

1568
1568739×394 47.9 KB

=======================================================

AI Overview
Persistent fake iCloud password reset prompts
The persistent “Continue to sign in to iCloud” or “Reset Password” pop-up you’re seeing is likely part of a sophisticated phishing scam targeting Apple users.

Here’s why and what you should do:

Understanding the threat

  • Phishing Scheme: These pop-ups are designed to mimic legitimate Apple system alerts but are actually attempts to trick you into revealing your iCloud credentials.
  • MFA Bombing: Attackers use your Apple ID (likely obtained through data breaches) and phone number to repeatedly trigger password reset requests on your device, creating a sense of urgency and potentially overwhelming you into taking action.
  • Spoofed Calls: Scammers may follow up with phone calls appearing to be from Apple Support, trying to trick you into revealing a one-time password or other sensitive information, according to India Today.

Immediate actions

  1. Do Not Respond: Do not click “Allow” or provide any information in the pop-up or in any related phone calls.
  2. Hang Up Suspicious Calls: If you receive a call, even if the caller ID appears legitimate, hang up immediately. Apple will never ask for your password or verification codes during a support call.
  3. Change Your Apple Account Password (Securely): Go directly to the official Apple ID website (appleid.apple.com) or use a trusted Apple device (one already signed in with a passcode) to change your Apple ID password, making sure to choose a strong and unique password you haven’t used elsewhere.
  4. Enable Two-Factor Authentication: If you haven’t already, enable two-factor authentication on your Apple ID for enhanced security.
  5. Review Devices and Sign out of Suspicious Ones: Check your Apple ID account for any unfamiliar or suspicious devices and sign them out, according to Reddit users.
  6. Report Phishing Attempts: Forward suspicious emails to reportphishing@apple.com and report suspicious messages or calls to Apple support and the FTC (ReportFraud.ftc.gov).

Long-term security measures

  • Install Software from Trusted Sources: Download apps and software only from the official App Store or directly from the developer’s website.
  • Be Skeptical of Unexpected Prompts: Always be cautious of unexpected prompts asking for your Apple ID password or security information.
  • Stay Informed: Regularly check Apple Support and other reputable security resources for information on the latest scams and security threats.

Important: Never share your Apple ID password, verification codes, device passcode, or recovery key with anyone. Apple will never ask you for this information.

AI responses may include mistakes.

==========================================

AI Overview
Experiencing a persistent iCloud password nag screen can be frustrating, especially if it seems fake or keeps reappearing. This could be a phishing attempt designed to steal your credentials.

Here’s how you can deal with it and enhance your security:

Recognizing fake iCloud password prompts

  • Check the Sender’s Address: Look closely at the email address from which the notification originated. Genuine emails from Apple will typically come from addresses ending in “@apple.com” or “@email.apple.com”.
  • Inspect the Language: Be wary of messages with grammatical errors, awkward phrasing, or generic greetings (“Dear Customer” instead of your name).
  • Assess Urgency: Scammers often try to create a sense of panic or urgency, using phrases like “immediate action required” or threatening account deactivation.
  • Preview Links (Do Not Click!): Hovering your cursor over a link (or long-pressing on a mobile device) will reveal the URL it leads to. If it’s not an official Apple domain, it’s likely a scam.
  • Note the Request: Apple will never ask for your password, verification codes, or personal information via email or text.

What to do

  1. Do Not Enter Your Password: If you suspect the prompt is fake, do not enter your password or any other personal information.
  2. Close the Pop-Up: Close the suspicious window or notification.
  3. Go Directly to iCloud Settings: Instead of clicking any links in the prompt, go directly to your device’s Settings, then to the iCloud or Apple ID section.
  4. Verify Your Account: Check your account details, including your signed-in devices, payment methods, and security information, for any unauthorized changes.
  5. Change Your Apple ID Password: If you have any concerns about your account’s security, change your Apple ID password immediately through the official Apple website (appleid.apple.com).
  6. Enable Two-Factor Authentication: If you haven’t already, enable two-factor authentication for an extra layer of security on your Apple ID.
  7. Monitor Your Account Activity: Regularly check for unusual or unauthorized activity related to your iCloud account or any linked accounts.
  8. Report the Scam: If you receive a suspicious email, you can forward it to Apple at reportphishing@apple.com.
  9. Consider Malware Scan (Mac): If you’re on a Mac and experiencing persistent fake pop-ups, consider running a reputable antivirus scan to check for potential malware or adware on your system.

Important: If you inadvertently entered your credentials on a fake iCloud login page, immediately change your Apple ID password on the official Apple website and consider removing any stored payment methods from your Apple account. You should also contact your credit card company or bank to report potential fraud if you’ve entered your payment details.

AI responses may include mistakes.

3

This is all good information, but my question is how do I remove the persistent Nag-screen (it looks just like the iCloud login screen but links to the above-mentioned phishing scam)? Also, Norton does not identify this as a problem (nor does Malwarebytes, for that matter). I find Norton to be good at keeping me safe, but it has missed this one completely. Am I not using the Norton software correctly?

Updated info: I do have the Genie Scam Protection enabled in the Norton software. Running Win11 on a Dell Desktop. Windows is fully up-to-date.

Thanks to the community.

4

Product & version number:
OS details:
Error message:
Supporting screenshots: Show details
Do not post personally identifiable information:

Were my machine and I wanted reassurance.
I’d ask Malwarebytes Malware Removal Help Forums [here] to check my machine.

5

@DLaspa Delete the cookies and caches from ALL browsers installed on your computer. Next download and run a full scan with Malwarebytes to see what it finds. Please let us know your results to follow-up.

SA

6

Maybe, @DLaspa ran Malwarebytes → Threat Scan.