Updated October 9th, 2018.
Most of the blog posts I write are positive, upbeat, “Looky what you can do with your Apple thing!” articles. Lots of how-tos, lots of reviews, all designed to help you do more with your Macs, iPhones, and iPads.
Basically, I show you what to do.
This time, I’m going to show you what not to do. Namely, I’m going to show you how not to be taken in by expensive fake virus scams. I hate to take up time and space doing this but I’ve seen enough instances of this scam that I feel an obligation to let everybody know about it.
I ran into one of these scams myself (late) last night. Luckily I was still awake enough to figure out what was going on, and to dissect the scam a bit so I could explain it better to you.
I’ll explain what happens, how it happens, show you some examples, and show you what to do (and not do).
You’re using a web browser like Safari, Firefox, or Chrome on your Mac (although this can happen on any computer– and on an iPhone or iPad). All of a sudden a box like this pops onto your screen.
Or maybe it’s more like this one:
Or maybe this one:
Sometimes you’ll hear an alert like an air-raid siren, sometimes you’ll hear a message read out loud to you about how you need to Stop Right Now because your machine is at risk! Regardless, it gets your attention, and usually it’s a show-stopper as far as your web-browsing is concerned. You have to deal with that box, one way or another, and in many cases, it keeps coming back.
Important Fact #1: Apple is not watching what you do with your Mac. They have no idea that you’ve gone to this website or that one. They do not pop up messages saying “Your machine’s been compromised, so please call this toll-free number.” They don’t. Neither does Microsoft, neither does Adobe. (Neither do I.) Google is watching where you go on the web but they are not popping up messages telling you to call them.
If it’s not Apple, not Microsoft, not Adobe, and not me popping up those messages, who is– and why do they do it? Well, if you haven’t guessed already, the answer to the first question is “bad guys” and the answer to the second question is they want to scare you into calling that toll-free number. Once they have you on the phone, they’ll ask you to install something that allows them access to your machine (yikes!), and some time after that they’ll ask you for money. It might take half an hour, it might take an hour– I’ve heard about it taking longer than that– but eventually they will get around to asking you for money. The bad guys spend a good bit of time and effort to convince you that something’s wrong with your Mac, that your passwords and bank records and identity could be stolen, and that you’re lucky that you called. They then offer to monitor your machine to make sure everything is safe going forward.
Important Fact #2: there wasn’t anything wrong with your Mac. You just stumbled onto a website that was rigged to pop up a scary-sounding message. Someone laid a trap and you clicked on it (I’ll go into how it happens later). For now, know that the website you landed on was designed to pop up a scary message, no matter whose Mac landed on it.
This “safety monitoring” doesn’t come cheap. I know people who paid $895 for this. And they got nothing for it. It’s a total scam.
How It Happens
I hate to blame it on you (or on me), because we are just barely to blame. Basically we went to a website we shouldn’t have gone to– maybe on purpose, maybe not. Maybe you did a Google search and clicked something, like I did last night:
I was looking for the company that makes “Click Live Chat” and when I searched Google for it, the very first result looked promising– but it was a trap. I stepped right into it. As soon as I clicked that link– the first result in the Google search– I got a message about my Mac being infected. Yes, this means they fooled me (and they fooled Google). I’m the one who clicked the link, so I’m the one responsible for the pop-up window with the “Alert! You’re infected!” message. In this case, every click on the link to ClickLiveChat.com.de produced a pop-up window. The message popped up as the page was being loaded. But I already showed you that this was easy to do– I did it on this very page. (Want to see it again? Just reload the page.)
You can bet I didn’t call them.
The game boils down to getting people to load a page that will automatically pop up a fake warning message. We’ve seen one way– somehow they get their bad website to show up at the top of a Google search result. Another way is to put a link on a page saying “Your Flash Player is out of date, click here,” and since we’re all used to frequent Flash Player updates, we click the link– and it takes us to a website that pops up a message. A third way is to get domain names like “news.com.com” (don’t go there), or ones that are common typos or misspellings of real websites, then make pop-up message websites at those locations, waiting for you and for me to mis-type a URL.
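For readers who want to check a link before trusting it, here is an added example (not part of the original article) that flags the two domain tricks described above: a familiar name with an extra ending tacked on, like “news.com.com”, and a near-miss spelling of a real site. The list of trusted sites and the function names are assumptions made up for the illustration, and the check is a rough heuristic, not a verdict.

```javascript
// Added example: classify a hostname against a short allow-list of sites you
// actually use. TRUSTED is a constructed sample list, not data from the post.
const TRUSTED = ["news.com", "apple.com", "google.com"];

// Classic Levenshtein edit distance (insert, delete, substitute = 1 each).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Lowercase the name and drop surrounding spaces and a trailing dot.
function normalize(host) {
  return host.trim().toLowerCase().replace(/\.$/, "");
}

// True when host is a trusted domain or a subdomain of one.
function isTrusted(host, trusted) {
  return trusted.some((d) => host === d || host.endsWith("." + d));
}

function classifyHost(rawHost, trusted = TRUSTED) {
  const host = normalize(rawHost);
  if (isTrusted(host, trusted)) return "trusted";
  // "news.com.com" pattern: a trusted name with one extra label appended.
  const cut = host.lastIndexOf(".");
  if (cut > 0 && isTrusted(host.slice(0, cut), trusted)) return "extra-suffix";
  // Typo pattern: within one or two edits of a trusted name.
  const bare = host.replace(/^www\./, "");
  if (trusted.some((d) => editDistance(bare, d) <= 2)) return "lookalike";
  return "unknown";
}
```

A result of “unknown” only means the name does not resemble anything on your list; it says nothing about whether the site is safe.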
By the way, the iPhone and iPad aren’t immune from this. If you go to a website with a pop-up message it will pop up on your iPhone or iPad, same as on your Mac. Here’s an example (the website was news.com.com).
What You Should Do
Second, be suspicious of any message that pops up on your screen asking you to “click here” or “call us at this toll-free number” no matter how plausible the company’s name or sales pitch is. (Call me if you want.) Also be suspicious of any “free” download that will clear your “problem” right up.
Note: the bad guys are pretty clever. If they can’t load a pop-up window they’ll take you to a web page that has a picture of a pop-up window, complete with shadow.
Third, if you do see such a message, know how to fight it (and win!). On your Mac, try quitting your browser. If you can’t (because the pop-up box won’t go away) hold the Option key, click and hold on the browser’s icon in the Dock, and choose “Force Quit.” If you know another way to Force Quit that’s fine too. If the message comes back when you restart your browser, quit it again, and then start it again while holding down the Shift key. That might do it.
On an iPhone or iPad, dismissing the pop-up will eventually produce a message (from Apple) offering to block alerts from that site. Accept the offer. See below.
You’re not quite out of the woods yet. You still need to close the bad website. Do that by tapping at bottom right, to show all open web pages (you may be surprised at how many are open):
Then, find the bad page visually, and click on the “x” next to it.
That’ll do it. Click “Done” at bottom right and you are back in business.
For your pleasure and education, I’ve prepared a slide-show of phony virus warnings that I collected in the last few hours. Get familiar with them so you’ll recognize things like this in the wild. Pay attention to the URLs where shown and notice how they try to fool you.
Click here to read my article about removing adware and malware from your Mac using the free Malwarebytes program. If you think you really might have a virus, use VirusBarrier (part of Intego’s Internet Security suite).
For future reading: ScamWarners and ScamBusters websites. Also Apple’s page “Avoid phishing emails, fake ‘virus’ alerts, phony support calls, and other scams.”
Copyright 2008-2021 Christian Boyce. All rights reserved.