Picture this: You’re browsing the web, minding your own business when suddenly a pop-up appears on your screen. It doesn’t look like an ad, but a system alert warning you that a virus has taken over your machine. Wanting to protect yourself, you click the link and get in touch with a tech support agent. Then, before you know it, you’re being billed hundreds of dollars. Wait, what?
If that scenario sounds familiar, it’s only because tech support scams have spread to almost every corner of the web. And to make matters worse, the people behind them have gotten better at making their pop-ups more realistic looking.
Fake system alerts (also known as “scareware”) are some of the most annoying tools that scammers use to swindle victims online. But thanks to the efforts of security researchers, we have a better understanding of how these pop-ups work and how to avoid them. Here’s a brief rundown on some of the biggest scareware pitfalls you can encounter on the web.
Security researchers document shocking new ‘scareware’ attempts
If you thought phishing was the threat du jour of 2020, think again. Classic infection and scam tactics like the tech hotline routine and scareware are alive and well, and they’re ensnaring victims with a variety of new tricks that are downright aggressive.
While some of these scams are obvious to the naked eye, the scammers behind them are getting better at making their tactics blend in with real system alerts. This comes down to better graphic design, language skills and actual proofreading, all of which make it less obvious the alerts aren’t real.
According to security reports from Sophos, some of these scareware or “scarevertising” campaigns are embedding code that makes them more troublesome to ignore than in previous incarnations.
If you use Safari or Chrome on your smartphone, you’ve probably already seen these troublesome actors. We’re talking about pop-ups that won’t go away, pages that infinitely reload and ads that crash your browser altogether.
Usually, force-quitting the browser app is enough to get around these scams, but they are improving themselves to the point where that may not work in the future.
Here are a few examples of some of the most notorious scam tactics you can encounter online.
When you open a web page and a pop-up appears, your first instinct is to close it before it has a chance to load. But now, imagine closing the window only for it to open a new one. To make matters worse, these pop-ups can freeze your browser window and make it impossible to close the tab. It’s like being trapped in an arena with a hydra: the more heads you cut off, the more appear.
If you’re on a PC, the best course of action is to open the Task Manager. This program makes it easy to close out frozen programs — including ones frozen by pop-ups. Best of all, if you close out a compromised program it will also get rid of all the windows that it’s opened.
To access the Task Manager, you need to press and hold this famous key combination: CTRL+ALT+DELETE. If you press this in Windows 10, you’ll see several menu options appear. Click on Task Manager and select your web browser. Then, click End Task.
On a Mac, you can use the Force Quit option. Click the Apple icon in the upper-left corner and choose Force Quit. Then, click on the app you want to close and confirm.
For iOS and Android, all you need to do is follow these steps:
On iOS:
- On iPhone X or newer, swipe up from the bottom of your screen and stop when you reach the middle of the screen. On an iPhone 8 or below, double-tap the Home button to show recently opened apps.
- Swipe right or left to locate the browser app you were using.
- Swipe up on the app’s window (without tapping and opening it) to close the app.
On Android:
- Swipe up from the bottom of the screen.
- Hold your finger where it is for a moment, then let go. You should see several of your most recently used apps.
- Locate the browser app you were using and swipe up on it to close.
No matter how much the pop-up looks like a real system alert, there is nothing built into your phone or computer that would completely freeze your browser. This goes double if the system alert has any kind of phone number or link in it.
Calling their bluff
Another new system alert scam involves mobile pop-ups that can automatically prompt your browser to dial a phone number for you. If this sounds like the ad is hacking your phone, it isn’t — it’s only exploiting a feature that opens phone numbers you tap on during web searches.
If you get any kind of pop-up prompting you to dial a number, tap Cancel and get the heck out of wherever you are on the web. No official system alerts will ever prompt you to call any kind of number like this (unless you’re specifically trying to make an appointment with Apple yourself).
But sometimes, these pop-ups appear before you can react appropriately — which means you’ll accidentally end up pushing a button and dialing the number. If this is the case, hang up immediately and do not engage with anyone on the other end of the line. They’re a scammer trying to take your money or data.
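How a content scanner might tell the auto-dial pop-up described above apart from an ordinary click-to-call link, as an added example that is not from Sophos or the original article. It assumes the page reaches the dialer through the `tel:` URI scheme; the function name, rule set and sample pages are constructed for illustration.

```javascript
// Added example: static heuristics for pages that raise a call prompt
// without the user tapping a link. Regex-based, so obfuscated or
// dynamically built scripts will be missed (treat results as a triage signal).
const RULES = [
  // <meta http-equiv="refresh" content="0;url=tel:..."> fires on page load
  { kind: "meta-refresh",
    re: /<meta[^>]+http-equiv\s*=\s*["']?refresh["']?[^>]*url\s*=\s*(tel:[^"'\s>]+)/gi },
  // <iframe src="tel:..."> or <frame src="tel:..."> fires on page load
  { kind: "frame-src", re: /<i?frame[^>]+src\s*=\s*["']?(tel:[^"'\s>]+)/gi },
  // location = "tel:..." or location.href = "tel:..."
  { kind: "script-assign", re: /location(?:\.href)?\s*=\s*["'`](tel:[^"'`]+)/gi },
  // location.assign("tel:..."), location.replace("tel:..."), window.open("tel:...")
  { kind: "script-call",
    re: /(?:location\.(?:assign|replace)|\bopen)\s*\(\s*["'`](tel:[^"'`]+)/gi },
];

// Returns every place where the page itself, not a user tap, targets tel:.
// A plain <a href="tel:..."> is deliberately not flagged: it needs a tap.
function findAutoDialTriggers(html) {
  const findings = [];
  for (const { kind, re } of RULES) {
    for (const m of html.matchAll(re)) {
      findings.push({ kind, target: m[1], offset: m.index });
    }
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

// Constructed samples (555-01xx numbers are reserved for fictional use).
const CLICK_TO_CALL = '<p>Questions? <a href="tel:+12025550143">Call us</a></p>';
const FAKE_ALERT = [
  '<iframe src="tel:+12025550187" hidden></iframe>',
  '<script>setTimeout(function () {',
  '  window.location.href = "tel:+12025550187";',
  '}, 500);</script>',
].join("\n");

console.log(findAutoDialTriggers(CLICK_TO_CALL)); // legitimate link: no findings
console.log(findAutoDialTriggers(FAKE_ALERT));    // two load-time triggers
```

The distinction that matters is the user gesture: a `tel:` link the visitor taps is normal, while a page that navigates to `tel:` on load or on a timer is behaving like the pop-ups described here.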
The final countdown
If you’ve seen these doom-and-gloom ads, you might have mistaken their flashiness for urgency. But how can anyone blame you — they feature a literal countdown clock and a threat that your data will be destroyed by “viruses!”
But as bad as this looks, it’s actually nothing to worry about. In fact, the entire “alert” you see is nothing more than a cleverly disguised pop-up ad.
No real system alerts (other than software updates and restart notifications) will ever feature a countdown, much less a warning that your files are in danger. Suffice it to say, real system alerts are a lot more boring overall.
If you run into one of these countdowns, don’t worry about engaging with them. Close them just as you would any other annoying pop-up. If they manage to freeze your browser, just follow the steps from the first item on this list above.
At the same time, letting time run out won’t harm anything either. Most likely, the pop-up will simply close and attempt to open another one. In some cases, the clock actually resets — which pokes holes in the entire argument they’re making. Still, we’d recommend closing any and all malicious pop-ups as quickly as possible.
What to watch out for
Now that you know the enemy, here are a few more tips to keep in mind as you brave the hostile wilderness of the internet:
- Always pay close attention to spelling and grammar for every alert you receive. If something seems fishy, it’s probably phishy.
- Tech support agents for your device manufacturer will never reach out to you. It’s up to you to reach out to them. Anything other than that is a scammer looking to rip you off.
- Any pop-up that tells you to install software to remedy an issue is trying to infect your system or steal money from you. This is a common tactic scammers use to install fleeceware on unsuspecting victims.
If you know what you’re up against, you can feel secure as you browse the web. But to be as safe as possible, the best thing you can do is stick to familiar websites and platforms with robust security.
If you stray off the beaten trail, you’re bound to encounter digital highway-robbers. That’s the nature of the wild, wild web.