When Phishing Stops Looking Like Phishing

Matt Mullenweg, the co-founder of WordPress, almost got hooked by an Apple ID phishing scam in March. He wrote up the whole thing on his blog, and it’s a story everyone using an Apple ID should read.

This wasn’t a sloppy email with broken English asking him to confirm his account before midnight. The scam stacked four pieces of work that, taken together, looked almost identical to legitimate Apple security activity.

First, his Apple Watch, iPhone, and Mac all started buzzing at once with prompts to reset his Apple ID password. He hadn’t asked for any reset. Someone was bombing Apple’s real password reset flow against his account, hoping he’d tap “Allow” on one of the alerts out of confusion or fatigue.

Then the scammers called Apple Support themselves, pretending to be Matt. They claimed he’d lost his phone and needed to update the number on the account. Apple did what Apple does. They generated a real case ID. They sent legitimate emails from real Apple servers. Those messages landed in Matt’s inbox, properly signed, looking exactly like Apple emails should look.

A few minutes later, a text came through with a link to a site called audit-apple.com, asking him to review and cancel the pending request. The page was a pixel-perfect Apple replica. It displayed the real case ID from the actual Apple emails. It even showed a fake transcript of the scammer’s call to Apple, stitched in to make the page look like a transparent record of legitimate support activity.

Then a phone call from a calm, professional voice introducing himself as Alexander from Apple Support finished the play with a spoofed caller ID. He didn’t sound like a scammer. He sounded like Apple.

Matt caught it. He started poking at the phishing page and noticed that any case ID he typed in returned the same result. The site wasn’t validating anything. Once he saw the trick, he confronted the caller, who hung up.

Most people would not have caught it.

Matt Mullenweg runs a major tech company. He has Lockdown Mode turned on across his devices. He thinks about security all day. And he got close to clicking through.

The old phishing detection rules are showing their age. We were trained to look for typos, weird grammar, sketchy URLs, and broken logos. Those tells worked when scams were cheap and lazy. They don’t work anymore.

AI has changed the economics. Generating clean copy in any language costs nothing. Cloning a website is automated. Voice synthesis can put a convincing support agent on the line. An attacker can pull your background off LinkedIn and old blog posts in minutes. The friction that protected most of us has collapsed.

So the rules have to change with it. A few things I now do without exception:

  • If someone calls claiming to be from Apple, my bank, or any service, I hang up and call the official number myself. Always. No matter how legitimate the caller sounds.
  • If I get a password reset prompt I didn’t trigger, I don’t tap anything. I open the app or website directly and check the account from there.
  • If a text or email asks me to click a link to “review” or “cancel” a request, I treat it as hostile until proven otherwise. I get to the service the long way around.
  • I keep two-factor authentication on hardware keys for the accounts that matter most. A phishing site can’t replay a hardware key.
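The last point, as an added example that is not from Matt's post or Apple's code: a simplified sketch of the checks a site runs on a WebAuthn sign-in, showing why a response produced on audit-apple.com fails at the real site. The RP ID, the allowed origins, and the helper names are assumptions for the demo, and signature verification is left out.

```python
import base64
import hashlib
import json

# Assumed values for the demo; a real relying party configures its own.
RP_ID = "apple.com"
ALLOWED_ORIGINS = {"https://apple.com", "https://account.apple.com"}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_assertion(page_origin, rp_id, challenge):
    """Constructed stand-in for what a browser and security key return.
    The browser, not the page, records the origin; the key hashes the RP ID."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    # authenticatorData = SHA-256(rpId) || flags (user present) || signCount
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + bytes(4)
    return {"clientDataJSON": client_data, "authenticatorData": auth_data}

def verify_assertion(assertion, expected_challenge):
    """Server-side binding checks; returns the list of failed checks.
    The signature over these fields (omitted here) stops a relay editing them."""
    failed = []
    client_data = json.loads(assertion["clientDataJSON"])
    if client_data.get("type") != "webauthn.get":
        failed.append("type")
    if client_data.get("challenge") != b64url(expected_challenge):
        failed.append("challenge")
    if client_data.get("origin") not in ALLOWED_ORIGINS:
        failed.append("origin")
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        failed.append("rpIdHash")
    return failed

def demo():
    challenge = b"constructed-challenge-0001"  # issued by the real site
    genuine = browser_assertion("https://account.apple.com", RP_ID, challenge)
    # A look-alike page can relay the real challenge, but the browser stamps
    # its own origin and only accepts an RP ID that matches that page's domain.
    relayed = browser_assertion("https://audit-apple.com", "audit-apple.com", challenge)
    return verify_assertion(genuine, challenge), verify_assertion(relayed, challenge)

if __name__ == "__main__":
    print(demo())
```

A typed password or a six-digit code has no such binding, which is why the same relay works against them.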

None of this is foolproof. Matt’s case shows what a well-resourced attacker can put together when they decide you’re worth the trouble. The defenses just have to be good enough to make the attacker move on to an easier target.

Constant vigilance.

Why the Dedicated Launcher Still Wins

Jason Snell gave the new Spotlight a real shot. When he reviewed macOS Tahoe last September, he stopped using LaunchBar and stuck with Spotlight for months. He liked it. Then the betas got worse.

Spotlight got progressively slower for him. It missed entire categories of items, like Safari favorites. The new “Quick Keys” text shortcuts only work for Actions, which Jason called “completely beyond me.” In the linked post, Jason surrenders and goes back to LaunchBar.

I am really pleased to see Apple improving Spotlight annually, and I hope they continue to do so. For the vast majority of users, they are not going to buy a third-party application like LaunchBar, Alfred, or Raycast.

That said, I don’t see myself abandoning Alfred anytime soon. The dedicated launchers still (and always will) do things Spotlight doesn’t.

Mac Power Users 846: Apple Watch

On this episode of Mac Power Users, Stephen and I go deep on the Apple Watch. We cover watch faces and share our current favorites, talk bands, dig into the best apps for getting things done from your wrist, and explore how the health and safety features have worked their way into our daily lives. We also spend some time on the big Apple news: Tim Cook stepping down as CEO and John Ternus stepping up to lead the company.

This episode of Mac Power Users is sponsored by:

  • Mercury Weather: Forecasts, beautifully done. Download now for free.
  • Squarespace: Save 10% off your first purchase of a website or domain using code MPU.
  • 1Password: Never forget a password again.

A Product Guy at the Top

Apple announced this week that Tim Cook is stepping down as CEO. John Ternus takes over September 1. I want to tell you why I’m happy about it, and why I’m trying to keep my expectations honest.

A few weeks ago I wrote a newsletter called “The Paint at 7 AM.” The point was that companies look like the people running them. When Walt Disney showed up at Disneyland on Saturdays to drive the trains, Disneyland got the attention it deserved. When Steve Jobs read his team the riot act over MobileMe, Apple learned what online services were supposed to feel like. The CEO is either a person who loves the product or a person who loves the business, and you can usually tell which one within five minutes of any keynote.

Tim Cook loved the business. That isn’t a slight. He built the supply chain that made the iPhone possible at the scale it reached. He brought us AirPods, Apple Watch, and Vision Pro. He grew Services into a real business and ran the company with a steady hand for fifteen years. Apple is in better shape because he ran it.

But Cook was also sometimes invisible on stage. You could tell which products lit him up and which ones he was reading off the cue card. The HomePod got the cue-card treatment for years. Big chunks of the iPad lineup got it too. The product half of the keynote always felt like it belonged to somebody else.

John Ternus is somebody else. He has been at Apple since 2001, running hardware engineering for the iPad and the Mac through the entire Apple silicon transition. When he steps on stage and talks about how an enclosure comes together, he sounds like a person who made the thing. He probably had a hand in it. Naming Johny Srouji as Chief Hardware Officer at the same time tells you the rest. This is a hardware-first transition from a hardware-first company.

That’s the part I’m happy about. My interest in Apple has always been as a customer, not a shareholder. I buy the things and use them. That’s my stake in all of this. A CEO who thinks about products the way I think about products seems like good news for people like me.

The cautious part is that Apple is too big to turn quickly. Ternus is going to spend his first year learning levers Cook has had his hands on for decades. Services is now a big part of Apple’s profit.

A hardware engineer running a hundred-billion-dollar services business is going to be tested in ways nobody can predict. The Siri saga is a reminder that Apple has problems that won’t get solved by a CEO who happens to like making iPads.

Even so, the things I’ll be watching are product things. Which Macs get greenlit and which ones quietly get killed. Whether the keynotes start sounding like the early years again, where you got the sense the people on stage actually used the things they were holding.

My bet is that the keynotes get more product-forward. The quiet pruning of half-committed products picks up speed. And a few years in, we find out whether a hardware engineer can also run a services business.

I could be completely wrong about this. Tim Cook had skeptics in 2011 too, and he ran circles around all of them. But the CEO who actually cares about what the company makes is the CEO who builds great products. Ternus feels like that pick.

The M5 Mac Studio Crystal Ball

Several Mac mini and Mac Studio configurations are “currently unavailable” from Apple. No delivery estimate. No order option.

The affected models include the Mac mini with 32GB or 64GB of RAM and the Mac Studio with 128GB or 256GB. Apple had already removed the 512GB M3 Ultra Mac Studio a few weeks prior.

Two things are probably driving this. Mark Gurman has Apple’s 2026 Mac roadmap including M5 and M5 Pro Mac mini models and M5 Max and M5 Ultra Mac Studio refreshes. I expected those to get released at WWDC in June, but that seems a ways off for them to stop selling them in April.

There’s also the global DRAM shortage, driven by AI demand. Both explanations are credible, and they’re not mutually exclusive.

My money was on the M5 refresh being the bigger factor. Maybe that was partially wish-casting because I’m thinking I’m about due to update my M2 Mac Studio. But Mark Gurman’s recent reporting says the Mac Studio may be pushed to October. The longer we wait, the more likely I expect Apple to raise its memory prices.