Your device has been infected, click here to download the only app that can salvage your data! You have 20 seconds!

Clicking on pop-up messages on your phone or computer can sometimes be tempting. Especially a popup dialog box indicating a problem with your device and prompting you to contact tech support.

That is what cybercriminals are counting on. According to cybersecurity solutions firm Sophos, there has been a resurgence of such fake alerts, called Scareware or Malvertising, that lure you into thinking you need technical support and then buying fake apps or fleeceware off a mobile app store.

These fake alerts also now prompt you to “call back,” saving scammers from having to cold-call or voice-phish victims. Below is an example of a fake alert uncovered by the company:

According to Senior Threat Researcher Sean Gallagher, Sophos: “While browser developers have done a lot to make ‘malvertising’ more difficult, ad networks keep finding new ways to pop up content in device browsers, and scammers continue to take advantage of ad networks to target more vulnerable people. Sophos’ research shows how expansive these ‘fake alert’ fraud schemes (and the ecosystem that supports them) still are, and how little investment and technical skill are required to run them.”

However, fake alerts can be easy to spot and avoid:

  • Check for spelling errors and strange phrasing (in English malvertising)
  • If there is a countdown clock or intense pressure to call the advertiser back, it is likely a scam
  • To remove a fake warning, simply close your browser. If this is not possible, try restarting shutting down your browser and restarting it

Support-scam pages often use scripts that make it difficult or impossible to close the web browser normally or navigate away from the page, including forcing the browser window to full screen size, hiding or camouflaging the mouse cursor, launching never-ending file downloads, popping up log-in boxes that request a username and password, or attempting to capture keystrokes to prevent navigation away from the page with keyboard shortcuts.

Using Task Manager (on Windows) or Force Quit (on macOS) may be the only way to escape some of these pages, short of a reboot and not allowing the browser to restore pages from the last session when re-launching.