Scam Alert: "Malware Warning" Pop-Ups

We’ve written in the past about phone scams where a criminal poses as a representative from “Microsoft Support,” asking for credit card payment to perform some necessary maintenance on someone’s computer. Thankfully, increased education on cybersecurity has raised consumer awareness of scams like these, but criminals have gotten even smarter at figuring out ways to steal your information.

Over the last six months, and increasingly in the last few weeks, we’ve seen multiple instances of, and reports from others about, a new variation on this scam that is even trickier.

How the Malware Warning Pop-Up Scam Works

This phishing scheme is particularly tricky because it combines high-tech elements with a relatively low-tech social interaction over the phone. Here’s how it works:

  • Fraudsters infect otherwise legitimate websites, causing pop-up windows to appear in a user’s web browser that are disguised as notices from a well-known vendor's "tech support" group. We've seen pop-ups claiming to come from Microsoft, Apple, and even the user’s internet service provider (ISP).
  • These notices claim that the vendor's "tech support" group has detected malware on the user’s computer and prompt the user to call a “support” phone number to get assistance.
  • If the user makes the call, they end up talking to a fraudster posing as a technician, wanting to help get rid of the malware.
  • The “technician” asks for the user’s credit card information and may initiate a remote session on the user's computer, which he or she may then use to compromise the user's data or install malware.

What to Do If You Are Targeted

If you are targeted, these tips can help mitigate the damage:

1. Never call phone numbers in pop-up windows. 

With few exceptions, vendors will not contact you via browser pop-up windows. If you think a message you see on your computer is legitimate, call the vendor directly (i.e., find their actual number on their website), or contact an IT professional to see if the pop-up is legitimate.

2. Work with an IT professional to remove any malware downloaded.

If you called the number and worked with a fraudulent "technician" to whom you gave remote access to your computer, there's a good chance you may now have dangerous malware on your computer. But even if you didn't, some of the pop-up windows may actually be the result of malware already on your computer. So, to be safe, it's a good idea to work with a professional to scan for and remove any unwanted software. 

3. If you’ve called the scammers already, work with your bank and/or credit card company to reverse any charges.

From what we’ve seen, the scammers work pretty quickly to defraud victims of money, so be sure to notify the appropriate parties as soon as possible.

4. Spread the word!

Share this article to let your coworkers, friends, and family know about this scheme so that they don’t fall victim to it. Awareness is our best line of defense in cases like this.

If you're wondering whether a notification you've recently seen is fraudulent or have any other questions about the malware warning pop-up scam, please reach out to us!