Microsoft Security Alert Scam

What is Microsoft Security Alert?

"Microsoft Security Alert" is a fake error similar to Suspicious Connection, Firewall Breach Detected, Your Computer Is In Blocked State, and many others. "Microsoft Security Alert" is displayed by a malicious website that users often visit inadvertently - they are redirected by various potentially unwanted programs (PUPs).

Research shows that, as well as infiltrating systems without consent, PUPs misuse system resources, gather information, and deliver 'malvertising' ads (pop-ups, banners, coupons, etc.)

"Microsoft Security Alert" states that the system is infected and that the user must immediately contact Windows Help Desk (via a telephone number ["+44-800-086-9326"] provided) to resolve this issue. It is stated that if the victim decides to ignore the message, all private details (logins/passwords, banking information, etc.) are compromised.

Be aware, however, that "Microsoft Security Alert" error is fake - merely a scam that has nothing to do with Microsoft (Windows Operating system developers). Cyber criminals claim to be certified technicians and generate revenue by selling their services, which are not needed - the malware simply does not exist.

Furthermore, after calling these people, users will probably be asked to grant remote access to their computers. Once connected, criminals install malware and/or change system settings. They then claim to detect more issues and offer further help for additional fees.

For these reasons, we strongly advise you to ignore the "Microsoft Security Alert" error and never call the aforementioned telephone number. This error can be removed simply by closing the web browser or restarting the system. Some PUPs and malicious websites mine cryptocurrency or run other unwanted processes in the background.

In doing so, these PUPs/websites significantly diminish computer performance. Another downside is information tracking. Potentially unwanted programs often record IP addresses, website URLs visited, pages viewed, search queries, keystrokes, and various other data types that might contain personal details.

This information is later sold to third parties (mostly, for marketing purposes). Furthermore, PUPs deliver various advertisements that conceal underlying website content (thereby diminishing the browsing experience), and might also redirect to malicious websites and/or execute scripts that download/install malware.

For these reasons, potentially unwanted programs must be uninstalled immediately.

Threat Summary:

Name	"Microsoft Security Alert" virus
Threat Type	Phishing, Scam, Social Engineering, Fraud
Fake Claim	The error claims that the system is damaged/blocked due to a number of reasons (e.g., suspicious connections, usage of illegal/cracked software, etc.) Message encourages users to call fake Microsoft tech support afterwards.
Tech Support Scammer Phone Number	+44-800-086-9326, +1-877-740-0608 (the phone number may vary depending on scam's variant).
Related URL Address(es)	134.com.s3-website.us-east-2.amazonaws[.]com
Serving IP Address (134.com.s3-website.us-east-2.amazonaws[.]com)	52.219.80.139
Sibling Domains (134.com.s3-website.us-east-2.amazonaws[.]com)	ec2-100-24-117-167[.]compute-1.amazonaws[.]com, ec2-18-130-29-32.eu-west-2[.]compute.amazonaws[.]com, ec2-18-206-48-187[.]compute-1.amazonaws[.]com, ec2-18-207-239-202[.]compute-1.amazonaws[.]com, ec2-18-219-192-101.us-east-2[.]compute.amazonaws[.]com, ec2-3-88-157-70[.]compute-1.amazonaws[.]com, ec2-34-219-246-144.us-west-2[.]compute.amazonaws[.]com, ec2-34-248-154-158.eu-west-1[.]compute.amazonaws[.]com, ec2-35-171-45-201[.]compute-1.amazonaws[.]com, ec2-54-210-121-245[.]compute-1.amazonaws[.]com, finnanc.s3.amazonaws[.]com, foxmediatools.s3.amazonaws[.]com, jfkdsgff16-jksdfgdf04kkk.s3.amazonaws[.]com, le6m01t329.execute-api.us-east-1.amazonaws[.]com, manual-snort-org.s3-website-us-east-1.amazonaws[.]com, media.casesbysource[.]com.s3.amazonaws[.]com, pulley.s3.amazonaws[.]com, s3.us-east-2.amazonaws[.]com, sg4jjo5c7r4riuqwl.s3.amazonaws[.]com, waf.amazonaws[.]com
Additional Information	Be aware that amazonaws.com (Amazon AWS) is a legitimate service provided by Amazon Inc. However, cyber criminals use this service to build malicious websites. Therefore, it may seem that amazonaws.com is also a malicious domain. You can find more information in this article.
Distribution methods	Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage	Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Windows)	To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

As mentioned above, "Microsoft Security Alert" is virtually identical to dozens of other fake errors. All states that the system is infected, missing files or damaged in other ways, however, such claims are merely attempts to scare and trick victims into paying for technical support that is not required. Potentially unwanted programs are also very similar.

Their only purpose is to generate revenue for the developers. Most these apps offer various "useful features". In fact, however, they usually deliver no value for regular users. potentially unwanted programs pose a direct threat to your privacy and Internet browsing safety.

How did adware install on my computer?

In some cases, potentially unwanted programs have official download websites, however, most are distributed using malicious ads and by a deceptive marketing method called "bundling". Thus, due to careless behavior and lack of caution exhibited by many users, PUPs often infiltrate systems without permission.

"Bundling" is stealth installation of third party programs together with regular software/apps. Developers hide "bundled" programs within the "Custom/Advanced" settings, or other sections of the download/installation processes.

Many users rush these processes and skip steps. Furthermore, they often click various ads, thus exposing their systems to risk of various infections and compromising their privacy.

How to avoid installation of potentially unwanted applications?

To prevent system infiltration by PUPs, be very cautious when browsing the Internet and especially when downloading/installing software. Be aware that malicious ads usually appear legitimate, however, most lead to adult dating, pornography, survey, gambling, and other dubious websites.

If you encounter such ads, uninstall all suspicious applications and browser extensions (some PUPS deliver malicious ads). Furthermore, select the "Custom/Advanced" settings, carefully analyze each download/installation step, and opt-out of all additionally-included programs.

In addition, avoid using third party download/installation tools, since they are monetized using the "bundling" method (they promote unwanted software). The key to computer safety is caution.

Text presented within the first pop-up:

1. Call Windows Help Desk Immediately at +44-800-086-9326
The following data will be compromised if you continue:
1. Passwords
2. Browser history
3. Credit Card Information

The virus is well known for complete identity and credit card theft. Further actions through this computer or any computer on the networks will reveal private infroamtion and involve serious risks. Call Windows Help Desk Immediately at +44-800-086-9326

Second pop-up of "Microsoft Security Alert" scam:

Text presented within the second pop-up:

Firewall detecting suspicious incoming network connections, we recommend that you click on "Back to Safety"

Your computer has been Locked to prevent damage Call Now: +44-800-086-9326
Error Code-BA4079D
Your computer with the IP address - has been infected by the Trojan Zeus - System Activation KEY has expired & Your Information for example passwords, messages and credit cards) are at the verge of being stolen. Call the Windows Help Desk +44-800-086-9326 to protect your computer and identity from further damage.
Call Now: +44-800-086-9326

The appearance of "Microsoft Security Alert" pop-up (GIF):

Yet another variant of "Microsoft Security Alert" pop-up scam:

Text presented in the pop-up and the website itself:

VIRUS ALERT FROM MICROSOFT
This computer is BLOCKED
Do not close this window and restart your computer
Your computer's registration key is Blocked.
Why we blocked your computer?
The window's registration key is illegal.
The windows is using pirated software.
This window is sending virus over the Internet.
This window is hacked or used from undefined locations.
We block this computer for your security.
Contact microsoft helpline to reactivate your computer.
Microsoft Security Tollfree:
+1-877-740-0608

 

---

 

MICROSOFT SECURITY ALERT !!
Your Personal And Financial Information like "User Name, Passwords, Bank Login Credentials and Credit Cards Information" are being extracted from yourDevice.

Call Microsoft Helpdesk IMMEDIATELY !!
at +1-877-740-0608 to Protect your Important Information and Identity from getting Mis-used.

Your Access is blocked to Ensure Your Information Stays Safe.

DO NOT RESTART YOUR DEVICE TO MAKE SURE YOU DON'T LOOSE ANY INFORMATION !!
CALL: +1-877-740-0608

Yet another variant of "Microsoft Security Alert" pop-up scam:

Text presented within:

Microsoft Security Alert

We detected something unusual about a recent sign-in to the Microsoft account.

Sign-in details
Country/region: Philippines
IP address: 112.198.207.211
Date:10/10/2020 12:57 PM (GMT)
Platform: Mac OS
Browser: -
Bank AccountLogin
Social Account Login
Account Dispelling
Social Security Number
Credit Card Details

CRITICAL ALERT FROM MICROSOFT. YOUR COMPUTER HAS ALERTED US THAT IT IS INFECTED WITH A VIRUS AND SPYWARE. THIS VIRUS IS SENDING YOUR CONFIDENTIAL INFORMATION, SAVED PASSWORDS AND PERSONAL EMAILS TO HACKERS REMOTELY. PLEASE CALL US IMMEDIATELY ON +1 833-635-2356(Toll Free) ERROR NUMBER #278D5

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is Microsoft Security Alert?
• STEP 1. Uninstall deceptive applications using Control Panel.
• STEP 2. Remove adware from Internet Explorer.
• STEP 3. Remove rogue extensions from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
• STEP 5. Remove rogue extensions from Safari.
• STEP 6. Remove rogue plug-ins from Microsoft Edge.

Adware removal:

Windows 11 users:

Right-click on the Start icon, select Apps and Features. In the opened window search for the application you want to uninstall, after locating it, click on the three vertical dots and select Uninstall.

Windows 10 users:

Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.

Windows 7 users:

Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.

macOS (OSX) users:

Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.

In the uninstall programs window, look for any suspicious/recently-installed applications, select these entries and click "Uninstall" or "Remove".

After uninstalling the potentially unwanted program, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.

Remove adware from Internet browsers:

Video showing how to remove potentially unwanted browser add-ons:

Remove malicious add-ons from Internet Explorer:

Click the "gear" icon (at the top right corner of Internet Explorer), select "Manage Add-ons". Look for any recently-installed suspicious browser extensions, select these entries and click "Remove".

Optional method:

If you continue to have problems with removal of the "microsoft security alert" virus, reset your Internet Explorer settings to default.

Windows XP users: Click Start, click Run, in the opened window type inetcpl.cpl In the opened window click the Advanced tab, then click Reset.

Windows Vista and Windows 7 users: Click the Windows logo, in the start search box type inetcpl.cpl and click enter. In the opened window click the Advanced tab, then click Reset.

Windows 8 users: Open Internet Explorer and click the gear icon. Select Internet Options.

In the opened window, select the Advanced tab.

Click the Reset button.

Confirm that you wish to reset Internet Explorer settings to default by clicking the Reset button.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon  (at the top right corner of Google Chrome), select "More tools" and click "Extensions". Locate all recently-installed suspicious browser add-ons, select these entries and click the trash can icon.

Optional method:

If you continue to have problems with removal of the "microsoft security alert" virus, reset your Google Chrome browser settings. Click the Chrome menu icon  (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.

After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.

In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.

Remove malicious plug-ins from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window), select "Add-ons". Click "Extensions", in the opened window, remove all recently-installed suspicious browser plug-ins.

Optional method:

Computer users who have problems with "microsoft security alert" virus removal can reset their Mozilla Firefox settings.

Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, in the opened menu, click Help.

Select Troubleshooting Information.

In the opened window, click the Refresh Firefox button.

In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.

Remove malicious extensions from Safari:

Make sure your Safari browser is active, click Safari menu, and select Preferences....

In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.

Optional method:

Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...

In the opened window select all history and click the Clear History button.

Remove malicious extensions from Microsoft Edge:

Click the Edge menu icon  (at the upper-right corner of Microsoft Edge), select "Extensions". Locate all recently-installed suspicious browser add-ons and click "Remove" below their names.

Optional method:

If you continue to have problems with removal of the "microsoft security alert" virus, reset your Microsoft Edge browser settings. Click the Edge menu icon  (at the top right corner of Microsoft Edge) and select Settings.

In the opened settings menu select Reset settings.

Select Restore settings to their default values. In the opened window, confirm that you wish to reset Microsoft Edge settings to default by clicking the Reset button.

• If this did not help, follow these alternative instructions explaining how to reset the Microsoft Edge browser.

Summary:

Commonly, adware or potentially unwanted applications infiltrate Internet browsers through free software downloads. Note that the safest source for downloading free software is via developers' websites only. To avoid installation of adware, be very attentive when downloading and installing free software. When installing previously-downloaded free programs, choose the custom or advanced installation options – this step will reveal any potentially unwanted applications listed for installation together with your chosen free program.

Post a comment:
If you have additional information on "microsoft security alert" virus or it's removal please share your knowledge in the comments section below.

▼ Show Discussion