The fake pop-up message telling you something is wrong with your pc is not a new scam, but I have seen an increase in calls reporting such a message recently. The message, which appears to pop up at random, says something along the lines of “Windows has detected some suspicious activity from your IP address...” (it can also say pc, computer, or device) and directs you to call a toll-free number to correct the issue. The message comes from compromised websites in what is known as malvertising, and messages like that don’t just happen to small sites, or sites on the dark side of the web (Porn). Major websites like the LA Times, NY Times, Washington Post, and the Huffington Post have all been compromised at some point previously.
Review Of Fake Message
The following screenshot is one of the messages that was received recently.
Let’s review some of the key details of the message.
- No matter what the message specifically says, the message always starts by trying to get your attention and hopefully scare you. In this case “Windows has detected some suspicious activity”, and “caused a security breach”.
- The message will always reference a major software or hardware maker that everyone knows, like Adobe, Google, or as shown in this case Microsoft. This is done so that you start to think there could be some legitimacy in the message.
- The message will then give you directions for the fix, from clicking on a link to download something to calling a phone number and getting assistance with your issue. Of course, if it gives you a phone number, the message will give you the comfort of knowing that the person you are calling will be a “certified tech”.
- Lastly, and usually in all CAPITAL LETTERS, as shown in the screenshot, a final warning that if you don’t do what the message says you may lose your data or worse.
Of course this is all a mind game. If they can play with your mind, they hope they can then trick you into doing something really dumb. The dumb being opening the virtual front door of your computer to actually give them access.
If you have this message, you are NOT really infected with anything more than malvertising. However, once you call the fake techs (the bad guys), they will give you instructions on how to give them access into your pc. Once they connect to your pc, it will only take them minutes and your computer will actually be compromised by the people who you think are supposed to be helping you.
What To Do If You See A Message Saying You Are Compromised
The following are things you should do when you see a message like this pop up.
- DON’T PANIC. This is the most IMPORTANT advice I can give. JUST DON’T PANIC.
- Open a new webpage and go to Google, Bing, Yahoo, 800notes, or whatever search engine you prefer to use. Run a search for the phone number listed on the pop-up. The following screenshot shows the results from the 800notes site, as I find it an excellent site to see if a number is a telemarketer or a scam, but you can use any search engine to do your research.
- At this point, I recommend running a full scan on your pc with 3 programs: Malwarebytes, SuperAntiSpyware, and whatever Antivirus program you have installed on your pc. Remember before starting the scan to make sure each program is updated to the latest database or definition files. As shown in the screenshot below for SuperAntiSpyware, each program will have a spot that will list how old the database or definition files are and give you an opportunity to update them.
What if you don’t have Malwarebytes, SuperAntiSpyware or an Antivirus program installed on your pc? First question is, WHAT ARE YOU THINKING!!!! OK I know it happens, so here is what I recommend, and there is no excuse because the following steps are all FREE.
Go to the NINITE site, where you can download what you need, legitimately and for FREE. Just put a check next to each one that you need and then click on Get Installer. The Ninite site will download and install each program, or tell you that it’s already installed if it finds it on the machine.
- Once you have installed or updated each program, run a full scan on all your drives, and select to clean whatever each program finds. The screenshot below shows what SuperAntiSpyware found on one of the computers that reported this issue.
That should be it. With a little caution, and no panic, you should be able to work past a situation like this fairly quickly and painlessly.