Avoid being scammed by "Activation Warning Alert"

Also Known As: Activation Warning Alert phishing scam
Damage level: Medium

What is "Activation Warning Alert"?

"Activation Warning Alert" is a scam run by rogue web pages. It warns users of 'threats' present on their device, supposedly detected by Windows Security. Note that this scheme has no connection to Microsoft. The scam urges people to call a fake technical support number and share their Windows account and operating system details.

Most visitors to deceptive websites, which run "Activation Warning Alert" and similar scams, usually access them inadvertently - they are redirected by intrusive ads or Potentially Unwanted Applications (PUAs) already infiltrated into the device.


When a "Activation Warning Alert" scam web page is visited, users first see a pop-up window stating that the server is requesting their usernames and passwords. The pop-up claims that the server has found 'suspicious activity' originating from a harmful virus.

It alleges that a system file is missing and, due to this, system failure is imminent. Users are instructed to call a bogus Microsoft Helpline, which is "toll-free". The message further attempts to scare users that restarting/rebooting the computer will result in partial or full data loss and complete failure of the system.

Above the fields (where users must provide their account details), it is stated that their credentials are being sent using basic authentication on a connection that is not secure. Another pop-up on the right of the page informs users that "Windows Activation Error 0xC004FC03" has occurred.

This error is apparently preventing Windows activation, as the product key has been used for another device (it is implied that other parties are using a pirated version, or their activation key has been used for piracy purposes). The window states that if users believe this is not the case, they can enter their Windows activation key and retry activation.

The background page advises people not to ignore this critical alert and call the number provided. It attempts to prevent users from closing the deceptive site, by proclaiming that doing so will lead to access to the computer being disabled. The bogus threat behind this error is allegedly "pornographic Spyware and a virus".

To heighten users' alarm, the scam informs them that communication and social media account logins/passwords, financial account credentials and other important data has been stolen. This can be avoided if users call technical support, which will supposedly provide assistance with the threat removal.

Schemes such as "Activation Warning Alert" are designed solely to generate revenue for the cyber criminals responsible. This can accomplished in various ways. For example, the fraudulent 'tech support' number might have high fees, even if it is claimed otherwise. Additionally, users may be charged for fake services rendered.

They can also be encouraged into downloading/installing or purchasing untrusted or malicious content. Any websites that claim to detect threats/issues present on visitors' devices cannot be trusted, since no website can perform such detections.

If a scam web page cannot be exited by closing the browser tab/window, Task Manager should be used to terminate the browser process, however, when reopening the browser, do not restore the previous session. If restored, the deceptive site will be reopened (or the site that initially redirected to the scam).

As mentioned, deceptive/scam sites are typically accessed via redirects caused by PUAs. These apps often seem legitimate and entice users to install with them offers of "useful" and "beneficial" features/functions. The features rarely work as promised and, in most cases, are nonoperational.

Rather than working as advertised, unwanted applications generate redirects to untrusted and malicious pages, run intrusive advertisement campaigns, hijack browsers and track sensitive data. The latter capability is possessed by most PUAs, regardless of their other specifications.

These apps monitor users' browsing activity and gather their personal information (IP addresses, geolocations and other details). This private data is then shared with third parties (often, cyber criminals) intent on misusing it for financial gain.

To summarize, PUAs can lead to browser/system infiltration and infections, serious privacy issues, financial loss and even identity theft. To ensure device and user safety, remove all suspicious applications and browser extensions/plug-ins immediately.

Threat Summary:
Name Activation Warning Alert phishing scam
Threat Type Phishing, Scam, Social Engineering, Fraud.
Fake Claim Scam claims visitors device is infected and Windows activation has failed.
Tech Support Scammer Phone Number +61-1800-952-354 and 844-545-5419
Symptoms Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
Distribution methods Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner
To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

"Call Microsoft Helpline", "Microsoft Protected Your Computer", and "VIRAL ALARM OF MICROSOFT" are some examples of scams similar to "Activation Warning Alert". These schemes tend to use scare tactics and social engineering to encourage visitors into performing specific actions.

For example, scams can trick users into calling fraudulent technical support, paying for bogus services, downloading/installing and/or purchasing dubious software, etc. You are strongly advised against trusting the claims of these web pages. Ignore any statement and close them without delay.

How did potentially unwanted applications install on my computer?

PUAs proliferate through the download/install set-ups of other programs. This deceptive marketing method of pre-packing normal products with unwanted or malicious content is called "bundling". Rushing download/installation processes (e.g. skipping steps, using presets, etc.) increases the risk of potential system infiltration and infections.

Some unwanted apps also have "official" download pages. When clicked, intrusive advertisements can execute scripts to download/install PUAs without users' permission.

How to avoid installation of potentially unwanted applications

You are advised to research all content, before downloading/installing. Use only official and verified download sources. Peer-to-Peer sharing networks (BitTorrent, Gnutella, eMule, etc.), free file-hosting sites and other third party downloaders are untrusted and should not be used.

When downloading/installing, read the terms, explore all possible options, use the "Custom/Advanced" settings and opt-out of additional apps, tools, functions and so on. Intrusive ads usually seem legitimate and harmless, however, they can redirect to rogue websites (e.g. gambling, adult-dating, pornography, etc.).

If you encounter ads/redirects of this type, inspect the device and immediately remove all suspect applications and/or browser extensions/plug-ins. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.

Text presented in the "Activation Warning Alert" scam initial pop-up:

Windows Security
Microsoft Edge
This server ***.***.**.** is asking for your username and password.

That server also reports: "Suspicious activity detected due to harmful virus installed in your computer. Call Microsoft Toll Free now @ +61-1800-952-354 for any assistance. Your data is at a serious risk. There is a system file missing due to a harmful virus error, causing system failure. Please contact technicians at Microsoft Toll Free Helpline at @ +61-1800-952-354. PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILURE OF OPERATING SYSTEM, HENCE NON BOOTABLE SITUATION RESULTING IN COMPLETE DATA LOSS. CONTACT MICROSOFT TO RESOLVE THE ISSUE ON TOLL FREE NUMBER: +61-1800-952-354"

Warning: Your username and password will be sent using basic authentication on a connection that isn't secure.

Text presented in the other pop-up:

Windows Activation
Activation Error 0xC004FC03
We Can't activate Windows on this device because the product key was already used on another device. if you think it wasn't used on another device . enter below your registration key for troubleshoot
Error code: 0xC004C020

This product is licensed under the Microsoft Software License Terms to:
Call Windows Support +61-1800-572-285

 Text presented in the background page of the "Activation Warning Alert" scam:

Security Warning:

** Activation Warning Alert **

Error # 0xC004FC03

Please call us immediately at: 844-545-5419
Do not ignore this critical alert.
If you close this page, your computer access will be disabled to prevent further damage to our network.
Your computer has alerted us that it has been infected with a Pornographic Spyware and virus. The following information is being stolen:

1.Facebook  Logins
2.Credit  Card  Details
3.Email  Account  Logins
4.Photos and documents  stored  on this computer

You must contact us immediately so that our expert engineers can walk you through the removal  process over the phone to protect your identity. Please call us within the next 5 minutes to prevent your  computer from being disabled or from any information loss.

Call Microsoft Windows Support
+61-1800-572-285 (Toll FREE)

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

  • Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
  • Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
  • Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
  • Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
  • Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

Example of a pop-up scam

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

  • If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
  • If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
  • If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
  • Help other Internet users: report Internet scams to Federal Trade Commission.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Activation Warning Alert phishing scam QR code
Scan this QR code to have an easy access removal guide of Activation Warning Alert phishing scam on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.