Got questions? Schedule a call with us!

Fake Apple Security Alert: How a 'track(2).dll' Warning Almost Fooled Our Customer

by Levi Durfee

Last week, one of our customers almost fell for a scam that looked exactly like an official Apple security warning. The page had Apple’s logo, Apple’s color scheme, and a red alert box screaming that their computer was infected. It even provided a phone number to call “Apple Support.” The only thing missing? It had nothing to do with Apple.

Here’s what happened — and how a combination of security training, endpoint protection, and DNS filtering stopped the scam cold.

What Our Customer Saw

Our customer was browsing normally when their browser suddenly filled with a full-screen alert styled to look like an official Apple security page. The warning displayed:

App: track(2).dll Unsafety Detected

Below that, was a phone number they were instructed to call immediately. The page made it appear as though their Mac was locked and their files were at risk.

A fake Apple security alert displaying the message 'App: track(2).dll, Unsafety Detected' with a phone number to call — a classic tech support scam

The design was convincing. The urgency was real. And the pressure to act immediately is exactly what these scammers count on.

Why This Is a Scam

Several red flags give this away — but you have to know what to look for.

.dll is a Windows file extension. A .dll file (Dynamic Link Library) is a Windows concept. It does not exist on macOS. An “Apple security alert” citing a .dll file is an immediate tell that whoever built this page doesn’t understand — or doesn’t care about — the difference. They’re throwing scary-sounding technical language at the wall.

Apple never displays phone numbers on security alerts. If Apple’s operating system or a genuine Apple service detects a problem, it does not respond by plastering a phone number on your screen. Real security software runs quietly in the background or sends you to a settings panel. It does not tell you to call a stranger.

Browsers can’t “lock” your computer. A web page has no ability to lock your system, encrypt your files, or detect viruses on your machine. The full-screen effect is a browser trick — usually triggered by the page entering fullscreen mode — designed to make you panic. Pressing Escape or force-quitting the browser breaks it immediately.

Fear + urgency = social engineering. This is the oldest playbook in the book. Create a threat, amplify the urgency, cut off your ability to think clearly, and push you toward a specific action — calling that phone number. Once you call, a scammer on the other end will ask for remote access to your machine, your credit card, or both.

How Our Customer Responded

This is where the story gets good.

Our customer had gone through NerdSec’s security awareness training. When the alert appeared, something felt off. The language was a little too dramatic. The phone number felt out of place. They remembered one of the core lessons: when in doubt, don’t act — call us instead.

They force-quit the browser, stepped away from the page, and called NerdSec support.

We initiated a full scan remotely from the SentinelOne admin dashboard — no action required on their end. The scan came back clean — no malware, no infection, no compromise. The “threat” existed only on that scam webpage, not on their machine.

We then set them up with NerdSec Secure DNS. That same scam domain now resolves to an invalid address on their network. They can’t accidentally land on it again.

How Secure DNS Stops This at the Source

NerdSec Secure DNS filters DNS queries at the network level, blocking known malicious and phishing domains before the browser ever loads them. When a device on your network tries to reach a flagged domain, the DNS resolver returns a blocked response instead of routing you to the scam site.

For our customer, this means the tech support scam domain is now dead on their network. Even if someone clicks a link to it — in an email, a search result, or an ad — the page simply won’t load. The threat is stopped before it ever becomes a decision someone has to make under pressure.

DNS filtering is one of the highest-leverage security controls available because it protects every device on the network without requiring anything to be installed on each individual machine.

What to Do If You See This Warning

If a browser alert like this appears on your screen, here’s exactly what to do:

  • Do NOT call the phone number. That number connects you to a scammer, not Apple or Microsoft or any legitimate company.
  • Do NOT grant remote access. If someone on the phone asks to “take a look” at your computer, hang up.
  • Close the browser tab. If the page won’t close normally, force-quit the browser entirely. On a Mac: Command + Option + Escape. On Windows: Ctrl + Shift + Esc, then end the browser process.
  • Run an endpoint scan. Open your endpoint security software and run a full scan to confirm nothing was installed before you landed on the scam page.
  • Report it to your IT or security team. Even if nothing happened, your team should know the domain is circulating. One employee seeing it probably means others have too.

Why Training Makes the Difference

The best security stack in the world has a gap: the person sitting at the keyboard. Endpoint protection catches malware after execution. DNS filtering blocks known bad domains. But a scam that never touches your machine — one that only needs you to pick up the phone — can slip past every technical control if the person doesn’t recognize it.

Our customer recognized it because they’d been trained to.

Security awareness training doesn’t need to be lengthy or complicated. It needs to be relevant, memorable, and repeated often enough that the right instinct kicks in under pressure. In this case, it did — and it saved our customer from a scam that could have cost them access to their machine, their credentials, or their money.

If you’d like to talk about security training for your team, contact us. We build programs around the threats your employees are actually seeing, not generic compliance checkboxes.

Ready to add these layers to your own network? Start with Secure DNS to block phishing domains at the source, pair it with Endpoint Protection to catch anything that gets through, and contact us to talk through the right fit for your organization. We also have pricing built for small and mid-sized teams that don’t have an enterprise budget.