Ars Technica posted yesterday about an issue that many of my clients have been and/or will be plagued by: those nasty, scary-looking “CRITICAL SECURITY ALERT” pop-up ads that take over your web browser (Safari, Chrome, Firefox, etc.) in order to get you to call some toll-free phone number so that they can save you from the horrible virus/trojan/malware that’s infected your system. If you call the number, the scammers will usually tell you that your computer is infected in some way and you’re at great risk. They’ll use frightening words like Virus! Trojan! Malware! Spyware! Infected! Firewall! Malicious attack! Security compromised! Danger! Risk! But really, the only thing you’re at risk of at this point is being scammed, and the only danger is to your credit card.
Most of the time, the scammers will tell you that they need remote access to your computer so they can show you “proof!” that your computer has been compromised. And if you agree to that, they’ll direct you to a LogMeIn Rescue or TeamViewer or GoToMyPC page where you’ll download a small piece of software that will grant them access to view and control your computer (unfortunately often using the same software that *I* use for legitimate purposes to provide remote support). Once they have access, they’ll open up the Terminal app on your computer and type in some commands that you won’t understand, and they’ll show you the output, which will look very scary and official and technical. At that point they’ll tell you that they can help! They can fix this mess for you! They can clean up all the horrible things that have infiltrated your system and make sure it stays clean and healthy from this day forward… all for the low price of $199 (or similar number). Billed yearly for your convenience. You’ll be so worried that it won’t take much convincing and you’ll gladly read off your credit card number to them because they are doing you a great favor and you want these bugs eradicated.
Some of you have already fallen for this. That’s OK. You’re only human and these scammers really are very convincing. If I’ve been made aware of it after the fact, I’ve already helped you get the credit card charges reversed and cleaned your system of all the nasty bits the scammers leave behind (bloated and mostly unnecessary antivirus programs and spyware of their own, for example). Most of you have been suspicious enough to call me before calling them, and I’ve been able to help you get rid of the obstructive pop-up and regain use of your computer without the scammy ad continuing to re-open and effectively preventing you from doing much else.
If it hasn’t happened to you yet, congratulations! But be aware that there’s a good chance you will be hit by it eventually. It’s very common now and no one is immune. Knowing how to react when it does happen to you is what counts. Here’s how:
1. Force quit Safari to get rid of the ad (Apple menu > Force Quit > select Safari in the list > click the Force Quit button at the bottom of that window).
2. When you re-open Safari, do so while holding down the SHIFT key on the left side of your keyboard. That will prevent any windows from re-opening in Safari when it opens.
3. Then you can go to the File menu in Safari (upper left of the menubar) and select New Window to begin a new browsing session.

If you’re still concerned that you might have clicked something nefarious earlier, are seeing other suspicious behavior or these tips aren’t working for you, get in touch and we’ll schedule a checkup and a malware and security audit. And if you want to be a good Netizen, consider reporting the scam to the FTC.