Has an unfamiliar pop-up appeared in your browser? Spread by adware, the “ransomware detected” pop-up and other fake pop-ups are used by cybercriminals to commit fraud.
This article teaches you how to identify and remove fake pop-ups. Read on as we explore:
Pop-ups are generated by websites to offer users additional information or guidance (such as how to fill in a form, how to apply a discount code, etc.) However, some can be unwanted or even harmful — these are usually fake pop-ups. In fact, some fake pop-ups are designed to entice you into clicking on a button that redirects you to a fake site. Some pop-ups may also be installed by adware or malware programs.
So, what is the “ransomware detected” pop-up? Like other fake pop-ups, this pop-up displays a false security warning as part of a pop-up scam. Fake pop-ups may appear in your browser (if your browser is redirected by adware) or they may be produced by adware or malware programs installed on your computer.
Adware is something that you may have downloaded accidentally, possibly by clicking on a malicious advert by mistake. Alternatively, adware may have infected your computer through a link in a spam email or an attachment that you opened. Once on your computer, adware automatically displays pop-ups in your browser when you are online. The “ransomware detected” pop-up is one of many fake pop-ups that can trigger malicious advertising.
The message displayed on the “ransomware detected” pop-up may appear similar to this:
Error #268D3 (Unauthorized access)
Russia, China, Vietnam
1) Facebook Logins
2) Credit Card Detail
3) Email Account login
Do Not Shut down or Reset Your Computer, Call Security Expert & Scan Your Device & Network Now.
The server reports that it is from Internet Security Damaged !!! WannaCry Ransomware Threat Detected !! Call Microsoft Help Desk: (TOLL-FREE) for Free Checkup.
Warning: Your username and password will be sent using basic authentication on a connection that isn’t secure.
If you spot this message, this a fake-pop up and is part of a pop-up scam. Do not respond to it. Instead, follow the adware and fake pop-up removal process outlined in this article.
Fake pop-ups, like the “ransomware detected” pop-up, tell users that there is a security threat or technical problem with their computer. They instruct users to call a telephone number specified on the pop-up in order to pay for technical support to resolve this threat.
Cybercriminals use these pop-up scams to make money. They prey on concerned users who want to ensure their computer is secure, extorting money from them to fix problems and resolve threats that do not exist.
To learn more about how pop-up and tech support scams work, read our article on Tech Support Scams.
Now you understand what pop-up scams are, let’s discuss how to spot them. Here are a few ways to identify a fake pop-up:
To identify a fake pop-up, look closely at the information being displayed in the pop-up. Are there any spelling mistakes? Do the images look professional?
Poor spelling and grammar and unprofessional imagery suggest that a pop-up is fake.
Fake pop-ups may claim to be from your internet security provider. It is important to be able to differentiate legitimate notifications from fake pop-ups.
Familiarize yourself with how legitimate notifications (from the internet security or anti-virus software you use) normally appear. If you use Kaspersky Internet Security, this is how security notifications from us appear.
Getting familiar with how legitimate notifications appear will help you spot a fake pop-up.
If you’re in any doubt, ignore the pop-up and scan your computer using your Internet security product.
Fake pop-ups may cause your browser to switch to full screen mode. If your browser is on full screen mode and you see a suspicious pop-up, try to minimize or close your browser.
If you are unable to minimize or close your browser, it is likely that the pop-up you are seeing is a scam. Be careful when trying to close or minimize the pop up itself: the minimize and close buttons usually aren’t real. They’re just images of real buttons on a button and by clicking on them you are responding to the pop-up.
Most fake pop-ups give a phone number and instruct you to call it to resolve a security threat. If the pop-up claims to be from your internet security provider, check the phone number given against the number on the official website.
Another way to verify a phone number is to type it into your search engine. Legitimate company phone numbers can be verified this way. If you cannot find the company the phone number is attributed to, it is likely to be a scam.
While your internet security provider may offer technical support over the phone, they will not demand that you call them — especially not via a pop-up.
Your anti-virus or internet security software does not require you to call anyone in order to work. Threats are normally resolved within the software itself.
If a pop-up is demanding that you call a number in order to resolve a security threat or fix a technical issue, it is likely to be a pop-up scam.
This section explores how to remove tech support scam pop-ups from your browser. If you spot a fake pop-up, you can easily remove it using Kaspersky Anti-Virus.
First, you need to close your browser. If the “ransomware detected” pop-up or another fake pop-up has locked your browser on full screen mode, close your browser using ‘Task manager’.
Click Ctrl+Alt+Del and select ‘Task manager’. Highlight your browser from the list and left click on it. Then, click ‘End task’ to close your browser. When you reopen your browser, ensure that it is set to block pop-up windows and not reopen the last opened page.
To remove the adware causing the “ransomware detected” pop-up and other fake pop-ups to appear in your browser, follow these 10 simple steps:
The “ransomware detected” pop-up is one type of fake pop-up. Other fake pop-ups that cybercriminals use as part of pop-up scams include:
“AppleCare renewal” pop-up: This is a pop-up scam that affects Mac users. The fake pop-up tells users there is a problem with their device and to call Apple support on a false number. Users who call may be made to think they need to renew AppleCare and tricked into paying the scammers.
Fake police pop-ups: Some fake pop-ups show messages claiming to be from law enforcement. They may trick users into calling a number to avoid criminal proceedings or give over personal data to help with an ‘investigation’.
Fake email provider pop-ups: Other fake pop-ups may pretend to be from your email provider, luring you to provide passwords or other personal data.
If you spot a fake pop-up, here’s how to avoid being scammed:
So, how can you protect your computer from adware and prevent fake pop-ups from appearing? Follow our adware and fake pop-up prevention tips to stay protected:
Want to avoid becoming the victim of a pop-up scam? Prevent adware and fake pop-ups with Kaspersky Internet Security.