It was a normal day when Jay Gibson got an unexpected notification on his iPhone. “Apple detected a targeted mercenary spyware attack against your iPhone,” the message read. Ironically, Gibson used to work at companies that developed exactly the kind of spyware that could trigger such a notification. Still, he was shocked that he received a notification on his own phone. He called his father, turned off and put his phone away, and went to buy a new one. “I was panicking,” he told TechCrunch. “It was a mess. It was a huge mess.” Gibson is just one of an ever-increasing number of people who are receiving notifications from companies like Apple, Google, and WhatsApp, all of which send similar warnings about spyware attacks to their users. Tech companies are increasingly proactive in alerting their users when they become targets of government hackers, and in particular those who use spyware made by companies such as Intellexa, NSO Group, and Paragon Solutions. But while Apple, Google, and WhatsApp alert, they don’t get involved in what happens next. The tech companies direct their users to people who could help, but at which point the companies step away. This is what happens when you receive one of these warnings. Warning You have received a notification that you were the target of government hackers. Now what? First of all, take it seriously. These companies have reams of telemetry data about their users and what happens on both their devices and their online accounts. These tech giants have security teams that have been hunting, studying, and analyzing this type of malicious activity for years. If they think you have been targeted, they are probably right. It’s important to note that in the case of Apple and WhatsApp notifications, receiving one doesn’t mean you were necessarily hacked. It’s possible that the hacking attempt failed, but they can still tell you that someone tried. A photo showing the text of a threat notification sent by Apple to a suspected spyware victim (Image: Omar Marques/Getty Images) In the case of Google, it’s most likely that the company blocked the attack, and is telling you so you can go into your account and make sure you have multi-factor authentication on (ideally a physical security key or passkey), and also turn on its Advanced Protection Program, which also requires a security key and adds other layers of security to your Google account. In other words, Google will tell you how to better protect yourself in the future. In the Apple ecosystem, you should turn on Lockdown Mode, which switches on a series of security features that makes it more difficult for hackers to target your Apple devices. Apple has long claimed that it has never seen a successful hack against a user with Lockdown Mode enabled, but no system is perfect. Mohammed Al-Maskati, the director of Access Now’s Digital Security Helpline, a 24/7 global team of security experts who investigate spyware cases against members of civil society, shared with TechCrunch the advice that the helpline gives people who are concerned that they may be targeted with government spyware. This advice includes keeping your devices’ operating systems and apps up-to-date; switching on Apple’s Lockdown Mode, and Google’s Advanced Protection for accounts and for Android devices; be careful with suspicious links and attachments; to restart your phone regularly; and to pay attention to changes in how your device functions. Contact Us Have you received a notification from Apple, Google, or WhatsApp about being targeted with spyware? Or do you have information about spyware makers? We would love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. Reaching out for help What happens next depends on who you are. There are open source and downloadable tools that anyone can use to detect suspected spyware attacks on their devices, which requires a little technical knowledge. You can use the Mobile Verification Toolkit, or MVT, a tool that lets you look for forensic traces of an attack on your own, perhaps as a first step before looking for assistance. If you don’t want or can’t use MVT, you can go straight to someone who can help. If you are a journalist, dissident, academic, or human rights activist, there are a handful of organizations that can help. You can turn to Access Now and its Digital Security Helpline. You can also contact Amnesty International, which has its own team of investigators and ample experience in these cases. Or, you can reach out to The Citizen Lab, a digital rights group at the University of Toronto, which has been investigating spyware abuses for almost 15 years. If you are a journalist, Reporters Without Borders also has a digital security lab that offers to investigate suspect