What is "Activation Warning Alert"?
"Activation Warning Alert" is a scam run by rogue web pages. It warns users of 'threats' present on their device, supposedly detected by Windows Security. Note that this scheme has no connection to Microsoft. The scam urges people to call a fake technical support number and share their Windows account and operating system details.
Most visitors to deceptive websites, which run "Activation Warning Alert" and similar scams, usually access them inadvertently - they are redirected by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the device.
When a "Activation Warning Alert" scam web page is visited, users first see a pop-up window stating that the server is requesting their usernames and passwords. The pop-up claims that the server has found 'suspicious activity' originating from a harmful virus.
It alleges that a system file is missing and, due to this, system failure is imminent. Users are instructed to call a bogus Microsoft Helpline, which is "toll-free". The message further attempts to scare users that restarting/rebooting the computer will result in partial or full data loss and complete failure of the system.
Above the fields (where users must provide their account details), it is stated that their credentials are being sent using basic authentication on a connection that is not secure. Another pop-up on the right of the page informs users that "Windows Activation Error 0xC004FC03" has occurred.
This error is apparently preventing Windows activation, as the product key has been used for another device (it is implied that other parties are using a pirated version, or their activation key has been used for piracy purposes). The window states that if users believe this is not the case, they can enter their Windows activation key and retry activation.
The background page advises people not to ignore this critical alert and call the number provided. It attempts to prevent users from closing the deceptive site, by proclaiming that doing so will lead to access to the computer being disabled. The bogus threat behind this error is allegedly "pornographic Spyware and a virus".
To heighten users' alarm, the scam informs them that communication and social media account logins/passwords, financial account credentials and other important data has been stolen. This can be avoided if users call technical support, which will supposedly provide assistance with the threat removal.
Schemes such as "Activation Warning Alert" are designed solely to generate revenue for the cyber criminals responsible. This can accomplished in various ways. For example, the fraudulent 'tech support' number might have high fees, even if it is claimed otherwise. Additionally, users may be charged for fake services rendered.
They can also be encouraged into downloading/installing or purchasing untrusted or malicious content. Any websites that claim to detect threats/issues present on visitors' devices cannot be trusted, since no website can perform such detections.
If a scam web page cannot be exited by closing the browser tab/window, Task Manager should be used to terminate the browser process, however, when reopening the browser, do not restore the previous session. If restored, the deceptive site will be reopened (or the site that initially redirected to the scam).
As mentioned, deceptive/scam sites are typically accessed via redirects caused by PUAs. These apps often seem legitimate and entice users to install with them offers of "useful" and "beneficial" features/functions. The features rarely work as promised and, in most cases, are nonoperational.
Rather than working as advertised, unwanted applications generate redirects to untrusted and malicious pages, run intrusive advertisement campaigns, hijack browsers and track sensitive data. The latter capability is possessed by most PUAs, regardless of their other specifications.
These apps monitor users' browsing activity and gather their personal information (IP addresses, geolocations and other details). This private data is then shared with third parties (often, cyber criminals) intent on misusing it for financial gain.
To summarize, PUAs can lead to browser/system infiltration and infections, serious privacy issues, financial loss and even identity theft. To ensure device and user safety, remove all suspicious applications and browser extensions/plug-ins immediately.
|Activation Warning Alert phishing scam
|Phishing, Scam, Social Engineering, Fraud.
|Scam claims visitors device is infected and Windows activation has failed.
|Tech Support Scammer Phone Number
|+61-1800-952-354 and 844-545-5419
|Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
|Compromised websites, rogue online pop-up ads, potentially unwanted applications.
|Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
|Malware Removal (Windows)
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
"Call Microsoft Helpline", "Microsoft Protected Your Computer", and "VIRAL ALARM OF MICROSOFT" are some examples of scams similar to "Activation Warning Alert". These schemes tend to use scare tactics and social engineering to encourage visitors into performing specific actions.
For example, scams can trick users into calling fraudulent technical support, paying for bogus services, downloading/installing and/or purchasing dubious software, etc. You are strongly advised against trusting the claims of these web pages. Ignore any statement and close them without delay.
How did potentially unwanted applications install on my computer?
PUAs proliferate through the download/install set-ups of other programs. This deceptive marketing method of pre-packing normal products with unwanted or malicious content is called "bundling". Rushing download/installation processes (e.g. skipping steps, using presets, etc.) increases the risk of potential system infiltration and infections.
Some unwanted apps also have "official" download pages. When clicked, intrusive advertisements can execute scripts to download/install PUAs without users' permission.
How to avoid installation of potentially unwanted applications
You are advised to research all content, before downloading/installing. Use only official and verified download sources. Peer-to-Peer sharing networks (BitTorrent, Gnutella, eMule, etc.), free file-hosting sites and other third party downloaders are untrusted and should not be used.
When downloading/installing, read the terms, explore all possible options, use the "Custom/Advanced" settings and opt-out of additional apps, tools, functions and so on. Intrusive ads usually seem legitimate and harmless, however, they can redirect to rogue websites (e.g. gambling, adult-dating, pornography, etc.).
If you encounter ads/redirects of this type, inspect the device and immediately remove all suspect applications and/or browser extensions/plug-ins. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.
Text presented in the "Activation Warning Alert" scam initial pop-up:
This server ***.***.**.** is asking for your username and password.
That server also reports: "Suspicious activity detected due to harmful virus installed in your computer. Call Microsoft Toll Free now @ +61-1800-952-354 for any assistance. Your data is at a serious risk. There is a system file missing due to a harmful virus error, causing system failure. Please contact technicians at Microsoft Toll Free Helpline at @ +61-1800-952-354. PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILURE OF OPERATING SYSTEM, HENCE NON BOOTABLE SITUATION RESULTING IN COMPLETE DATA LOSS. CONTACT MICROSOFT TO RESOLVE THE ISSUE ON TOLL FREE NUMBER: +61-1800-952-354"
Warning: Your username and password will be sent using basic authentication on a connection that isn't secure.
Text presented in the other pop-up:
Activation Error 0xC004FC03
We Can't activate Windows on this device because the product key was already used on another device. if you think it wasn't used on another device . enter below your registration key for troubleshoot
Error code: 0xC004C020
This product is licensed under the Microsoft Software License Terms to:
Call Windows Support +61-1800-572-285
Text presented in the background page of the "Activation Warning Alert" scam:
** Activation Warning Alert **
Error # 0xC004FC03
Please call us immediately at: 844-545-5419
Do not ignore this critical alert.
If you close this page, your computer access will be disabled to prevent further damage to our network.
Your computer has alerted us that it has been infected with a Pornographic Spyware and virus. The following information is being stolen:
2.Credit Card Details
3.Email Account Logins
4.Photos and documents stored on this computer
You must contact us immediately so that our expert engineers can walk you through the removal process over the phone to protect your identity. Please call us within the next 5 minutes to prevent your computer from being disabled or from any information loss.
Call Microsoft Windows Support
+61-1800-572-285 (Toll FREE)
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is Activation Warning Alert phishing scam?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.