When Phishing Stops Looking Like Phishing

Matt Mullenweg, the co-founder of WordPress, almost got hooked by an Apple ID phishing scam in March. He wrote up the whole thing on his blog, and it’s a story everyone using an Apple ID should read.

This wasn’t a sloppy email with broken English asking him to confirm his account before midnight. The scam stacked four pieces of work that, taken together, looked almost identical to legitimate Apple security activity.

First, his Apple Watch, iPhone, and Mac all started buzzing at once with prompts to reset his Apple ID password. He hadn’t asked for any reset. Someone was bombing Apple’s real password reset flow against his account, hoping he’d tap “Allow” on one of the alerts out of confusion or fatigue.

Then the scammers called Apple Support themselves, pretending to be Matt. They claimed he’d lost his phone and needed to update the number on the account. Apple did what Apple does. They generated a real case ID. They sent legitimate emails from real Apple servers. Those messages landed in Matt’s inbox, properly signed, looking exactly like Apple emails should look.

A few minutes later, a text came through with a link to a site called audit-apple.com, asking him to review and cancel the pending request. The page was a pixel-perfect Apple replica. It displayed the real case ID from the actual Apple emails. It even showed a fake transcript of the scammer’s call to Apple, stitched in to make the page look like a transparent record of legitimate support activity.

Then a phone call with a spoofed caller ID finished the play. The calm, professional voice on the line introduced himself as Alexander from Apple Support. He didn’t sound like a scammer. He sounded like Apple.

Matt caught it. He started poking at the phishing page and noticed that any case ID he typed in returned the same result. The site wasn’t validating anything. Once he saw the trick, he confronted the caller, who hung up.

Most people would not have caught it.

Matt Mullenweg runs a major tech company. He has Lockdown Mode turned on across his devices. He thinks about security all day. And he got close to clicking through.

The old phishing detection rules are showing their age. We were trained to look for typos, weird grammar, sketchy URLs, and broken logos. Those tells worked when scams were cheap and lazy. They don’t work anymore.

AI has changed the economics. Generating clean copy in any language costs nothing. Cloning a website is automated. Voice synthesis can put a convincing support agent on the line. An attacker can pull your background off LinkedIn and old blog posts in minutes. The friction that protected most of us has collapsed.

So the rules have to change with it. A few things I now do without exception:

  • If someone calls claiming to be from Apple, my bank, or any service, I hang up and call the official number myself. Always. No matter how legitimate the caller sounds.
  • If I get a password reset prompt I didn’t trigger, I don’t tap anything. I open the app or website directly and check the account from there.
  • If a text or email asks me to click a link to “review” or “cancel” a request, I treat it as hostile until proven otherwise. I get to the service the long way around.
  • I keep two-factor authentication on hardware keys for the accounts that matter most. A phishing site can’t replay a hardware key.

None of this is foolproof. Matt’s case shows what a well-resourced attacker can put together when they decide you’re worth the trouble. The defenses just have to be good enough to make the attacker move on to an easier target.

Constant vigilance.

Why the Dedicated Launcher Still Wins

Jason Snell gave the new Spotlight a real shot. When he reviewed macOS Tahoe last September, he stopped using LaunchBar and stuck with Spotlight for months. He liked it. Then the betas got worse.

Spotlight got progressively slower for him. It missed entire categories of items, like Safari favorites. The new “Quick Keys” text shortcuts only work for Actions, which Jason called “completely beyond me.” In the linked post, Jason surrenders and goes back to LaunchBar.

I am really pleased to see Apple improving Spotlight annually, and I hope they continue to do so. The vast majority of users are not going to buy a third-party application like LaunchBar, Alfred, or Raycast.

That said, I don’t see myself abandoning Alfred anytime soon. The dedicated launchers still (and always will) do things Spotlight doesn’t.

Mac Power Users 846: Apple Watch

On this episode of Mac Power Users, Stephen and I go deep on the Apple Watch. We cover watch faces and share our current favorites, talk bands, dig into the best apps for getting things done from your wrist, and explore how the health and safety features have worked their way into our daily lives. We also spend some time on the big Apple news: Tim Cook stepping down as CEO and John Ternus stepping up to lead the company.


A Product Guy at the Top

Apple announced this week that Tim Cook is stepping down as CEO. John Ternus takes over September 1. I want to tell you why I’m happy about it, and why I’m trying to keep my expectations honest.

A few weeks ago I wrote a newsletter called “The Paint at 7 AM.” The point was that companies look like the people running them. When Walt Disney showed up at Disneyland on Saturdays to drive the trains, Disneyland got the attention it deserved. When Steve Jobs read his team the riot act over MobileMe, Apple learned what online services were supposed to feel like. The CEO is either a person who loves the product or a person who loves the business, and you can usually tell which one within five minutes of any keynote.

Tim Cook loved the business. That isn’t a slight. He built the supply chain that made the iPhone possible at the scale it reached. He brought us AirPods, Apple Watch, and Vision Pro. He grew Services into a real business and ran the company with a steady hand for fifteen years. Apple is in better shape because he ran it.

But Cook was also sometimes invisible on stage. You could tell which products lit him up and which ones he was reading off the cue card. The HomePod got the cue-card treatment for years. Big chunks of the iPad lineup got it too. The product half of the keynote always felt like it belonged to somebody else.

John Ternus is somebody else. He has been at Apple since 2001, running hardware engineering for the iPad and the Mac through the entire Apple silicon transition. When he steps on stage and talks about how an enclosure comes together, he sounds like a person who made the thing. He probably had a hand in it. Naming Johny Srouji as Chief Hardware Officer at the same time tells you the rest. This is a hardware-first transition from a hardware-first company.

That’s the part I’m happy about. My interest in Apple has always been as a customer, not a shareholder. I buy the things and use them. That’s my stake in all of this. A CEO who thinks about products the way I think about products seems like good news for people like me.

The cautious part is that Apple is too big to turn quickly. Ternus is going to spend his first year learning levers Cook has had his hands on for decades. Services is now a big part of Apple’s profit.

A hardware engineer running a hundred-billion-dollar services business is going to be tested in ways nobody can predict. The Siri saga is a reminder that Apple has problems that won’t get solved by a CEO who happens to like making iPads.

Even so, the things I’ll be watching are product things. Which Macs get greenlit and which ones quietly get killed. Whether the keynotes start sounding like the early years again, where you got the sense the people on stage actually used the things they were holding.

My bet is that the keynotes get more product-forward. The quiet pruning of half-committed products picks up speed. And a few years in, we find out whether a hardware engineer can also run a services business.

I could be completely wrong about this. Tim Cook had skeptics in 2011 too, and he ran circles around all of them. But the CEO who actually cares about what the company makes is the CEO who builds great products. Ternus feels like that pick.

The M5 Mac Studio Crystal Ball

Several Mac mini and Mac Studio configurations are “currently unavailable” from Apple. No delivery estimate. No order option.

The affected models include the Mac mini with 32GB or 64GB of RAM and the Mac Studio with 128GB or 256GB. Apple had already removed the 512GB M3 Ultra Mac Studio a few weeks prior.

Two things are probably driving this. Mark Gurman reports that Apple’s 2026 Mac roadmap includes M5 and M5 Pro Mac mini models and M5 Max and M5 Ultra Mac Studio refreshes. I expected those to be released at WWDC in June, but June seems a long way off for Apple to stop selling the current models in April.

There’s also the global DRAM shortage, driven by AI demand. Both explanations are credible, and they’re not mutually exclusive.

My money was on the M5 refresh being the bigger factor. Maybe that was partially wish-casting, because I think I’m about due to update my M2 Mac Studio. But Mark Gurman’s recent reporting says the Mac Studio may be pushed to October. The longer we wait, the more likely I think it is that Apple raises its memory prices.

John Ternus at the Helm

Apple named John Ternus as its next CEO this morning. Tim Cook moves to executive chairman, and Ternus takes over September 1. Johny Srouji picks up an expanded Chief Hardware Officer role, combining Ternus’s hardware engineering job with his own hardware technologies work.

I have been on the Ternus bandwagon for a while. Back in November I wrote about why he felt like the obvious pick. The first time I saw him walk out on an Apple keynote stage, my initial thought was, “this guy looks like a CEO.”

In my years as a business attorney, I sat in on a lot of CEO transitions. Nearly every time the transition happened at an ongoing, successful company, the board landed on whoever was running its most successful division. If you want to predict a successor, look for the person responsible for the part of the business that is working. Ternus has been running Apple’s hardware engineering. Hardware is the business. The iPhone, the Mac, the iPad, and the Watch are the engine. You hand the company to the person running the engine.

So this choice is consistent. It is the least surprising CEO announcement Apple could have made.

What happens next is the harder question. Apple is too big to change direction quickly. New CEOs at companies this size do not reshape the company in their first year. They learn where the levers are. They keep the trains running. The real signal of Ternus’s hand on the tiller will come later, probably well into 2027 or beyond. What products get greenlit. What gets killed. How the company talks about itself.

I am eager to see this new chapter. Tim Cook was very successful in the short term. Time will tell what his impact was over the long term. Handing the job to an engineer who has been in the product trenches since 2001 feels right. Now we get to watch what he does with it.