You’ve been targeted by government spyware. Now what?

It was a normal day when Jay Gibson got an unexpected notification on his iPhone. “Apple detected a targeted mercenary spyware attack against your iPhone,” the message read. Ironically, Gibson had worked at companies developing exactly this kind of spyware, so he was shocked to receive such a message himself. Feeling panicked, he called his father, switched off his phone, and bought a new one.

“I was panicking,” he told TechCrunch. “It was a mess. It was a huge mess.” Gibson is one of an increasing number of people who get notifications from Apple, Google, and WhatsApp, all warning users about government-backed spyware attacks. These tech giants are being more proactive, quickly alerting their users if they detect attacks linked to spyware from companies like Intellexa, NSO Group, and Paragon Solutions. However, after sending an alert, the companies usually direct users to external experts for further help, and they step away from the process.

What should you do if you receive a threat notification?

Take these warnings seriously. These tech companies have advanced systems and security teams that monitor malicious activities. If they believe you were targeted, there is probably a valid reason. However, if you receive a notification from Apple or WhatsApp, it doesn’t always mean you were successfully hacked—the hacking attempt could have failed, but they will still let you know someone tried.

For example, Google may notify you that a government-backed attacker tried to access your account, and recommend that you turn on multi-factor authentication. Using a physical security key and joining Google’s Advanced Protection Program will further secure your account. Similarly, Apple users should consider switching on Lockdown Mode, which activates extra defenses for devices. Apple claims that no user with Lockdown Mode enabled has yet been successfully hacked, but caution is always advised.

Experts, like Mohammed Al-Maskati from Access Now’s Digital Security Helpline, offer several key pieces of advice: keep your devices and apps updated, switch on Lockdown Mode for Apple devices and Advanced Protection for Google accounts, avoid suspicious links and attachments, regularly restart your phone, and watch for unusual behavior on your device.

How and where to seek help after a suspected attack

After receiving a warning, what you do next depends on your situation. There are tools such as the Mobile Verification Toolkit (MVT) that allow anyone with some technical knowledge to scan for signs of spyware attacks on their devices. Alternatively, if you are a journalist, activist, dissident, or academic, you can get help from organizations like:

– Access Now’s Digital Security Helpline
– Amnesty International Security Lab
– The Citizen Lab at the University of Toronto
– Reporters Without Borders’ digital security lab

If you work for a company or a political party, your organization’s security team is the first point of contact. They may not investigate the incident deeply, but they can often refer you to qualified experts. For private citizens such as executives or politicians, specialized companies may help. Well-known organizations include iVerify (which offers both an app and forensic services), Safety Sync Group, Hexordia, Lookout, and TLPBLACK, where you can directly contact experts like Costin Raiu.

Once you reach out, an initial forensic check is usually done by analyzing a diagnostic file from your device, meaning you don’t need to hand your device over right away. If there are signs of an attack or infection, the next step might involve sharing a device backup, or in some cases, sending the device itself for deep analysis. This process may take time, as modern spyware is designed to hide itself and erase traces. According to Hassan Selmi of Access Now’s response team, many spyware attacks today use a “smash and grab” tactic: capture data quickly, then remove themselves to avoid detection.

If you are in civil society, the supporting organizations may ask if you want to publicize your case, but this is always your choice. Going public can help expose abuse, warn others, or pressure spyware firms to stop unethical sales. But you should never feel compelled to reveal your identity if you’re uncomfortable.

Ultimately, while we hope you never receive such a notification, knowing what to do if it happens—and having the right resources at hand—can make a critical difference. Stay safe and vigilant.

Tags: spyware, digital security, iPhone, Lockdown Mode, cybersecurity organizations, government threats