CloudFront Scam

Also Known As: CloudFront pop-up scam
Damage level: Medium

What is CloudFront?

CloudFront is a legitimate service provided by Amazon allowing developers to improve users' web browsing experience by optimizing distribution of certain web content. Cyber criminals abuse this service to promote various web scam models and malicious programs (e.g., fake Adobe Flash Player updater, deceptive Calendar events, etc.).

If you continually encounter pop-ups that open with the cloudfront.net URL, your computer is probably infected with a type of malware (most likely adware or a browser hijacker).

Overview of content promoted via abuse of CloudFront services

As mentioned above, the CloudFront service is used by cyber criminals who typically promote various websites that display fake errors. This scam model is very simple: users visit a deceptive website and encounter a fake error message, often stating that the system is damaged (e.g., infected, missing files, or similar).

Users are then encouraged to contact "certified technicians" (via telephone numbers provided) to resolve these issues. Be aware, however, that these pop-up errors are false - rather than calling technical support, users will be contacting cyber criminals who claim to be the technicians.

Users are then encouraged to pay certain fees in exchange for 'help' in removing infections or returning their systems to normal. In some cases, users are asked to grant remote access to their computers. Once connected, criminals stealthily install malware and change system settings, after which they claim to 'detect' additional issues and offer further help for an extra fee.

There is also a high probability that these people will demand answers to various "Yes/No" questions. They do this to record positive responses and use them as 'proof' that victims have agreed to submit various payments (e.g., online purchases, credit card charges, or similar).

In addition, these fake-error-displaying sites are designed to appear legitimate (for instance, they contain Apple/Microsoft logos, etc.); however, operating system developers do not use websites to inform users of corrupted systems, infections, and so on.

Criminals also employ CloudFront to promote websites claiming that the system is running outdated software. The most common is Adobe Flash Player. In fact, rather than downloading a Flash Player updater, users will download high-risk malware (e.g., password stealers, keyloggers, etc.).

Furthermore, this service is used to push deceptive Calendar events. To elaborate, users are presented with unwanted notifications from their Calendar application, which likewise endorse misleading, scam, and malicious sites/content.

If you are continually redirected with the cloudfront.net URL, immediately eliminate all dubious programs/browser plug-ins and scan the entire system with a legitimate anti-virus/anti-spyware suite.

Threat Summary:
Name: CloudFront pop-up scam
Threat Type: Adware, Unwanted ads, Pop-up Virus
Symptoms: Seeing advertisements not originating from the sites you are browsing. Intrusive pop-up ads. Decreased Internet browsing speed.
Distribution methods: Deceptive pop-up ads, free software installers (bundling), fake flash player installers.
Damage: Decreased computer performance, browser tracking - privacy issues, possible additional malware infections.
Malware Removal (Windows): To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com.

Potentially unwanted programs in general

Unwanted pop-ups are often delivered by adware/browser hijackers. Adware is a form of software that delivers various intrusive advertisements (coupons, banners, pop-ups, etc.). To achieve this, developers employ various tools (e.g., "virtual layers") that enable placement of third party graphical content on any site.

Therefore, displayed ads conceal underlying website content, thereby significantly diminishing users' Internet browsing experience. Furthermore, intrusive ads typically redirect to malicious websites and even run scripts that stealthily download and install malware/PUPs. Therefore, even a single click can result in high-risk computer infections.

Browser hijackers modify web browser options without users' consent. They assign browser settings (e.g., new tab URL, default search engine, homepage, etc.) to the URLs of malicious websites. As a result, users continually encounter unwanted redirects to these dubious sites.

In addition, adware and browser hijackers gather various sensitive information (e.g., IP addresses, geographic locations, Internet service providers [ISPs], web URLs visited, pages viewed, search queries, keystrokes, etc.) that includes personal details.

Developers sell this information to third parties (potentially, cyber criminals) who misuse private data to generate revenue. Therefore, the presence of data-tracking apps can lead to serious privacy issues or even identity theft.

Adware-type and browser-hijacking potentially unwanted programs (PUPs) often claim to provide various "useful features" (e.g., file conversion, system optimization, download performance increases, anti-virus software, and so on); however, rather than enabling any of the features promised, PUPs pose a direct threat to your privacy and Internet browsing safety. These programs are designed only to generate revenue for the developers.

How did potentially unwanted programs install on my computer?

To proliferate adware and browser hijackers, developers often use the aforementioned intrusive advertisements and, especially, a deceptive marketing method called "bundling". Therefore, due to lack of knowledge and careless behavior by many users, PUPs infiltrate systems without permission.

"Bundling" is the stealth installation of third party applications together with regular software/apps. Developers do not disclose these installations properly - they conceal "bundled" programs within various sections (e.g., "Custom/Advanced" settings) of the download or installation processes.

Furthermore, many users rush these procedures and skip steps. In addition, they click suspicious links/ads without understanding the possible consequences. In doing so, they expose their systems to risk of various infections and compromise their privacy.

How to avoid installation of potentially unwanted applications?

This situation can be prevented by paying close attention when downloading/installing software and browsing the Internet in general. Firstly, select "Custom/Advanced" settings and carefully analyze each window of the download/installation processes. Decline offers to download/install additional applications and opt out of those already included.

Secondly, download your applications from official sources only and, preferably, using a direct download link. Third party downloaders/installers are monetized by promoting rogue apps (the "bundling" method) and, therefore, should never be used. Intrusive ads are designed to look legitimate.

Once clicked, however, they redirect to gambling, survey, pornography, and other dubious websites. If you encounter such ads, immediately remove all dubious applications and browser plug-ins. The key to computer safety is caution.

[Image: example of a fake error scam promoted via the "CloudFront" service (GIF)]

[Image: example of CloudFront service abuse to promote a fake SevenZip installation setup]

[Image: appearance of deceptive Calendar events promoted through the CloudFront service]

[Image: example of scammers promoting the "McAfee - Your PC is infected with 5 viruses!" pop-up scam via the CloudFront service]

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lure used by cybercriminals. They are used to collect sensitive personal data and to trick Internet users into calling fake tech support numbers, subscribing to useless online services, investing in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to make their rogue pop-up windows look trustworthy; however, scams typically have the following characteristics:

  • Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
  • Sense of urgency - A countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
  • Statements that you won something - A pop-up window stating that you won, when you haven't participated in a lottery, online competition, etc.
  • Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues is undoubtedly a scam; webpages cannot perform such actions.
  • Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

[Image: example of a pop-up scam]

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases, scam pop-ups may be hard to close; if so, close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use a reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

  • If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
  • If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit the Federal Trade Commission to report identity theft and get personalized recovery steps.
  • If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows), as cyber criminals could have planted trojans, keyloggers, and other malware. Do not use your computer until possible threats have been removed.
  • Help other Internet users: Report Internet scams to the Federal Trade Commission.

Frequently Asked Questions (FAQ)

What is CloudFront?

CloudFront is a legitimate service provided by Amazon. It is designed to better users' browsing experience and optimize web content distribution.

Why do cyber criminals abuse CloudFront?

Since CloudFront domains are legitimate, security software is unlikely to detect those used to host deceptive/malicious material. Hence, sites abusing CloudFront services often do not appear in anti-virus databases.

How do cyber criminals abuse CloudFront?

Cyber criminals employ CloudFront services to push online scams (e.g., phishing sites, tech support scams, fake software updates, etc.) and untrustworthy/malicious applications (e.g., fake anti-viruses, adware, browser hijackers, trojans, etc.).

Is CloudFront itself a threat?

No, there are plenty of legitimate websites that use CloudFront, and thus the domain itself does not indicate that the website is dangerous or runs scams.
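
Because the parent domain says nothing about intent, triage has to work per distribution hostname rather than on cloudfront.net as a whole. The Python sketch below is an added example, not code from this guide: it assumes constructed browsing records of (URL, resource type) and a hypothetical threshold, and flags raw *.cloudfront.net hostnames that are repeatedly opened as full pages (the pop-up symptom described earlier) while leaving alone hostnames that only serve page assets.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample records: (url, resource_type). Hostnames are made up.
SAMPLE_EVENTS = [
    ("https://d1example111.cloudfront.net/assets/app.js", "script"),
    ("https://d1example111.cloudfront.net/img/logo.png", "image"),
    ("https://d2example222.cloudfront.net/alert/index.html", "document"),
    ("https://d2example222.cloudfront.net/alert/index.html?id=7", "document"),
    ("https://d2example222.cloudfront.net/update/flash.html", "document"),
    ("https://www.example.org/", "document"),
    # Look-alike: "cloudfront.net" appears in the name but is not the parent.
    ("https://cloudfront.net.example.com/x.html", "document"),
]


def distribution_host(url):
    """Return the host if it is a direct subdomain of cloudfront.net, else None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) == 3 and labels[0] and labels[1:] == ["cloudfront", "net"]:
        return host
    return None


def triage(events, min_documents=3):
    """Split cloudfront.net hostnames into (flagged, ignored).

    Heuristic (an assumption of this example): a hostname is flagged when it
    was opened as a top-level page at least `min_documents` times.
    """
    docs, other = Counter(), Counter()
    for url, resource_type in events:
        host = distribution_host(url)
        if host is None:
            continue  # not a CloudFront hostname, out of scope here
        (docs if resource_type == "document" else other)[host] += 1
    seen = set(docs) | set(other)
    flagged = sorted(h for h in seen if docs[h] >= min_documents)
    return flagged, sorted(seen - set(flagged))


if __name__ == "__main__":
    flagged, ignored = triage(SAMPLE_EVENTS)
    print("review these hostnames:", flagged)
    print("asset-only hostnames:", ignored)
```

A flagged hostname is a starting point for checking which installed program or extension keeps opening it, not proof that the hostname is malicious.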

What is an online scam?

Online scams are essentially deceptive messages designed to trick users into performing various actions. For example, victims can be lured/scared into making monetary transactions, disclosing private data, downloading/installing and/or purchasing software, calling fake support lines, and so on.

What is the purpose of an online scam?

Like all scams, those promoted online are used to generate revenue. Cyber criminals can profit by obtaining funds by deception, abusing or selling private information, promoting software, proliferating malware, etc.

Why do I encounter online scams?

Online scams are promoted on rogue websites, which are usually accessed inadvertently. Most users enter these sites via redirects caused by webpages using rogue advertising networks, mistyped URLs, spam browser notifications, intrusive advertisements, or installed adware.

Will Combo Cleaner remove unwanted redirects and protect me from online scams?

Combo Cleaner is designed to detect and eliminate threats. It is capable of removing malicious applications, including those that cause redirects. Additionally, Combo Cleaner can scan visited websites and block further access to dangerous sites (those that promote scams also fall within this category).

About the author:

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have over 10 years of experience working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats.

The PCrisk security portal is brought to you by the company RCS LT. The joined forces of security researchers help educate computer users about the latest online security threats.
