How to recognize phony virus scams on Mac and iPhone

Updated October 9th, 2018.

Most of the blog posts I write are positive, upbeat, “Looky what you can do with your Apple thing!” articles. Lots of how-tos, lots of reviews, all designed to help you do more with your Macs, iPhones, and iPads.

Basically, I show you what to do.

This time, I’m going to show you what not to do. Namely, I’m going to show you how not to be taken in by expensive fake virus scams. I hate to take up time and space doing this but I’ve seen enough instances of this scam that I feel an obligation to let everybody know about it.

I ran into one of these scams myself (late) last night. Luckily I was still awake enough to figure out what was going on, and to dissect the scam a bit so I could explain it better to you.

I’ll explain what happens, how it happens, show you some examples, and show you what to do (and not do).

What Happens
You’re using a web browser like Safari, Firefox, or Chrome on your Mac (although this can happen on any computer– and on an iPhone or iPad). All of a sudden a box like this pops onto your screen.
Mac_virus_scam_16

Or maybe it’s more like this one:
Mac_virus_scam_1

Or maybe this one:
Mac_virus_scam_9

Sometimes you’ll hear an alert like an air-raid siren, sometimes you’ll hear a message read out loud to you about how you need to Stop Right Now because your machine is at risk! Regardless, it gets your attention, and usually it’s a show-stopper as far as your web-browsing is concerned. You have to deal with that box, one way or another, and in many cases, it keeps coming back.

Important Fact #1: Apple is not watching what you do with your Mac. They have no idea that you’ve gone to this website or that one. They do not pop up messages saying “Your machine’s been compromised, so please call this toll-free number.” They don’t. Neither does Microsoft, neither does Adobe. (Neither do I.) Google is watching where you go on the web but they are not popping up messages telling you to call them.

If it’s not Apple, not Microsoft, not Adobe, and not me popping up those messages, who is– and why do they do it? Well, if you haven’t guessed already, the answer to the first question is “bad guys” and the answer to the second question is they want to scare you into calling that toll-free number. Once they have you on the phone, they’ll ask you to install something that allows them access to your machine (yikes!), and some time after that they’ll ask you for money. It might take half an hour, it might take an hour– I’ve heard about it taking longer than that– but eventually they will get around to asking you for money. The bad guys spend a good bit of time and effort to convince you that something’s wrong with your Mac, that your passwords and bank records and identity could be stolen, and that you’re lucky that you called. They then offer to monitor your machine to make sure everything is safe going forward.

Important Fact #2: there wasn’t anything wrong with your Mac. You just stumbled onto a website that was rigged to pop up a scary-sounding message. Someone laid a trap and you clicked on it (I’ll go into how it happens later). For now, know that the website you landed on was designed to pop up a scary message, no matter whose Mac landed on it.

This “safety monitoring” doesn’t come cheap. I know people who paid $895 for this. And they got nothing for it. It’s a total scam.

How It Happens
I hate to blame it on you (or on me), because we are just barely to blame. Basically we went to a website we shouldn’t have gone to– maybe on purpose, maybe not. Maybe you did a Google search and clicked something, like I did last night:
Mac_virus_scam_13

I was looking for the company that makes “Click Live Chat” and when I searched Google for it, the very first result looked promising– but it was a trap. I stepped right into it. As soon as I clicked that link– the first result in the Google search– I got a message about my Mac being infected. Yes, this means they fooled me (and they fooled Google). I’m the one who clicked the link, so I’m the one responsible for the pop-up window with the “Alert! You’re infected!” message. In this case, every click on the link to ClickLiveChat.com.de produced a pop-up window. The message popped up as the page was being loaded. But I already showed you that this was easy to do– I did on this very page. (Want to see it again? Just reload the page.)

Mac_virus_scam_2

You can bet I didn’t call them.

The game boils down to getting people to load a page that will automatically pop up a fake warning message. We’ve seen one way– somehow they get their bad website to show up at the top of a Google search result. Another way is to put a link on a page saying “Your Flash Player is out of date, click here,” and since we’re all used to frequent Flash Player updates, we click the link– and it takes us to a website that pops up a message. A third way is to get domain names like “news.com.com” (don’t go there), or ones that are common typos or misspellings of real websites, then make pop-up message websites at those locations, waiting for you and for me to mis-type a URL.

By the way, the iPhone and iPad aren’t immune from this. If you go to a website with a pop-up message it will pop up on your iPhone or iPad, same as on your Mac. Here’s an example (the website was news.com.com).

IMG_2028

What You Should Do
First, on a Mac, don’t allow pop-up windows in Safari, Firefox, or Chrome. You have to dig around in each browser’s settings to do it but look hard enough and you’ll find an option to block pop-ups. (Sometimes a website won’t work without pop-ups… so sometimes you have to turn pop-ups back on… but generally speaking, block them.) You can do a Google search for “how to block pop-up windows” and get your instructions there. Note that the kind of pop-up I used on this page is not technically a pop-up window… it’s a javascript alert. Which means it will still pop up, even after you block pop-up windows. And since so many websites rely on javascript, you can’t afford to block javascript. So you do what you can.

Second, be suspicious of any message that pops up on your screen asking you to “click here” or “call us at this toll-free number” no matter how plausible the company’s name or sales pitch is. (Call me if you want.) Also be suspicious of any “free” download that will clear your “problem” right up.

Note: the bad guys are pretty clever. If they can’t load a pop-up window they’ll take you to a web page that has a picture of a pop-up window, complete with shadow.

Third, if you do see such a message, know how to fight it (and win!). On your Mac, try quitting your browser. If you can’t (because the pop-up box won’t go away) hold the Option key, click and hold on the browser’s icon in the Dock, and choose “Force Quit.” If you know another way to Force Quit that’s fine too. If the message comes back when you restart your browser, quit it again, and then start it again while holding down the Shift key. That might do it.

On an iPhone or iPad, dismissing the pop-up will eventually produce a message (from Apple) offering to block alerts from that site. Accept the offer. See below.

IMG_2031

You’re not quite out of the woods yet. You still need to close the bad website. Do that by tapping at bottom right, to show all open web pages (you may be surprised at how many are open):

show_all_pages_iOS_bordered

Then, find the bad page visually, and click on the “x” next to it.

close_the_bad_page_iOS

That’ll do it. Click “Done” at bottom right and you are back in business.

For your pleasure and education, I’ve prepared a slide-show of phony virus warnings that I collected in the last few hours. Get familiar with them so you’ll recognize things like this in the wild. Pay attention to the URLs where shown and notice how they try to fool you.
watch_the_slideshow.


Click here to read my article about removing adware and malware from your Mac using the free Malwarebytes program. If you think you really might have a virus, use VirusBarrier (part of Intego’s Internet Security suite).
malwarebytes_anti_virus virus_barrier_button

For future reading: ScamWarners and ScamBusters websites. Also Apple’s page “Avoid phishing emails, fake ‘virus‘ alerts, phony support calls, and other scams.”

Copyright 2008-2023 Christian Boyce. All rights reserved.

Did this article help you?

Maybe you'd like to contribute to the
Christian Boyce coffee fund.




Want some some quick iPhone how-tos?
Visit me at iPhoneinaminute.com.

Looking for quick tips about Macs?
See my One-Minute Macman website!



Please use the “Sharing” buttons to share what’s interesting with your friends. It helps your friends and it helps me too. Thank you very much!

Sincerely,
Christian signature
Christian Boyce

3 thoughts on “How to recognize phony virus scams on Mac and iPhone

Add yours

    1. You’re welcome!

      I’ve seen this scam so much lately it just became overwhelming– I had to write about it! Dee had a pop-up she couldn’t get rid of without unplugging the machine. I know two people who spent the $895, and I know someone else who was about to except his wife got me on the phone to do a three-way call with the “Apple Support” guy (we hung up and shut off the Mac). And then I stumbled onto a series of pop-ups myself. Yuck!

Please Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

Read our Privacy Policy