First of all, don't panic.


If you get one of these warnings or pop-ups, you should immediately close your browser if you can. You may need to force your browser to quit.


When you restart your browser, don't reopen your previous tabs! (Here's how to prevent previous tabs from opening in Microsoft Edge, which currently doesn't ask.) And don't click the link you visited immediately before you got that virus warning; otherwise, the whole thing will happen all over again.


It's really important that you follow these instructions to remove any software they might have installed on your computer while "helping" you.

Windows computers: Remove Tech Support Scam pop-up virus (Call For Support – Scam)

Macs: The Safe Mac's Adware Removal Guide


It's never safe to assume you haven't been infected, but most likely that loud "You've got a virus" warning is just a scare tactic. The criminals' goal is to get you to call the phone number. In fact, this kind of advertising is often called "scareware." At this point in the scam they have no way of actually stealing any information from your computer. Once they have you on the phone, however, they will try to convince you that you have a virus and you should pay them to remove it for you. If you pay, they'll have your credit card information; not good. They will also most likely install software on your computer, ostensibly to remove the virus, which will actually BE a virus that will attempt to steal more personal data or do other bad things with your computer.


By the way, if you paid that "tech support company" to remove the "virus" from your computer and "protect" your personal information, you didn't pay AdBlock, you paid the scammer. AdBlock is free software. You never have to pay for it if you prefer not to. It's worth a try to contact that company and demand your money back. If they won't do that, dispute the charge with your credit card company right away.


If the "virus warning" pop-ups started after you visited a free streaming website, please see this articleYou may also find this Microsoft Community forum post on tech support scams helpful.


Good luck, and we hope everything turns out well!


A case study

We're sharing a recent support ticket with the permission of the person who submitted it. It's a classic example of this kind of "scareware." The text in yellow are the clues we used to determine this was a tech support scam.


Today I got something that looked like it came from an official Mac Support site…started chatting and guy wanted access to my computer.  I asked how I could verify he was not scamming me, and he ended the chat.  One is from McAfee, one from MacKeeper and who knows about the chat guy.


The screenshots attached to the ticket showed two pop-ups.


Pop-up #1:

ATTENTION
READ BEFORE CONTINUING

Your OS X antivirus protection may not be sufficient enough. Get Mcafee Antivirus now and protect your computer from malware, viruses and online hackers.

It is strongly advised that you get protected now.

*************************

Browser: Safari

Service Provider: Comcast Cable Communications inc.
Pop-up #2:

IMMEDIATE ATTENTION REQUIRED!

CALL NOW: +1 (844) 728-6899

CASE NUMBER: (a string of random numbers and letters)

Safari Browser Session Interrupted!

Dear Comcast Cable Communications inc. Customer - We have noticed excessive POPUPS and SECURITY ISSUES on your Mac OS X computer!

Your may have a possible MALWARE or SPYWARE in your
...


Fortunately, this person had the presence of mind to ask before giving the "technician" access to his computer. Many people wouldn't question "tech support" that comes from "Comcast." There are some good clues here that this isn't from Comcast at all.


First, he mentioned the pop-ups looked like a notification from an official support site. The technician wanted access to his computer, and hung up when the user was wary and started asking questions.


Second, MacKeeper is known malware.


Third, "IMMEDIATE ATTENTION REQUIRED" generates a sense of urgency. Some forms of this scam include the sound of a police siren to heighten the urgency.


Fourth, "We have noticed..." Comcast doesn't actively monitor its customers' computers for technical issues, including malware. Neither do Apple or Microsoft, by the way.


Fifth, the pop-ups contain several errors:

  • "sufficient enough" (all right, we admit we're being picky here; most people wouldn't notice this is redundant, but we bet a real corporate communications writer would know better)
  • "Mcafee Antivirus" (the correct form is "McAfee")
  • Comcast provides the Norton Security Suite to its customers, not McAfee
  • "Comcast Cable Communications, inc." (Comcast's official name is "Comcast Cable Communications, LLC" and it does business as "Xfinity")
  • "Your may have a possible MALWARE or SPYWARE in your..." (again, real companies proofread)