You’re just browsing the internet on your computer or smartphone when a popup suddenly tells you your device has viruses, or a message appears saying the machine has been locked due to an infection, and you can’t close out of anything.

Scared, you follow the instructions. What follows depends on the particular kind of device and what is asked of you. This may be downloading an app onto your phone or calling a number to get some assistance. There are many versions of this scareware scam, more than these pages can cover, but these are the most common versions.

If you’re asked to download an app to your phone, it’ll display some worrying but ultimately untrue things about what’s going on with your phone, and tell you that virus removal only takes a simple in-app payment or a payment on some site. Or it may claim to clean your phone when what it’s really doing is infecting it. In either case, it can’t remove a virus that doesn’t exist.

For PCs (Windows, Mac, and presumably Linux OSes), this will be a message - possibly with an associated audio file - stating that your computer has been locked and that you must call the number shown so that it can be fixed. Once you call that number, they’ll want you to download a program such as TeamViewer or RustDesk so they can remote into your computer and look at the problem. They’ll often run some perfectly ordinary but scary-looking commands just to frighten you - in one example, the scammer ran the Windows command “dir /s”, which lists every file, and then pasted in some nasty text about you having been on a porn site and therefore getting infected. The solution, of course, is to buy a very expensive (and very fake, and possibly virus-infected) “antivirus” to “wipe out” the viruses and block the hackers.

Nastier versions might use a variant of a known scam where the scammer finds out where the victim banks - either because the bank is up on the screen, is in the victim’s bookmarks, or is disclosed via social engineering - and then turns the victim over to a fake bank rep (who has been told by the first scammer what bank it is) who convinces the victim to withdraw a large amount of money and then turn it into bitcoin.

How to protect yourself
First, do not panic, because that is exactly what the scammer wants you to do. Try pressing the “escape” or “Esc” key, as this will often stop the full-screen mode being used by the scam popup. You may want to try Alt-F4 on Windows or Command-Option-Escape on Mac to close the browser. If you’re still not sure, take the machine down to a local repair place, or if it is your employer’s machine, call your IT helpdesk. They’re there to help.

Do not call the number on the screen. Real antivirus programs do not show blazing alerts. They may quietly pop a message at the bottom corner, but that’s it. Note that there are fake antivirus popups that simulate this quiet alert too, so check directly in the antivirus program itself to see whether you have any alerts.

If you do call and they tell you to go to a site and download a program so they can look at your computer via remote access, do not let them remote access your computer. To repeat the most important part, DO NOT LET AN UNKNOWN PERSON, EVEN IF THEY SUPPOSEDLY REPRESENT MICROSOFT OR APPLE, REMOTE ACCESS YOUR COMPUTER. This gives the scammer access to your entire machine - and it’s entirely possible that they will install a backdoor to access your computer in the future, or lock you out of your accounts. Letting someone you don’t know access your computer is bad.

You may want to install an adblocker on your browser - be like us cool cybersecurity kids who have been adblocking for a long time. These scareware messages tend to come from ads on websites - ad networks do a piss poor job of verifying that ads are not scams, and scammers take advantage of that.