Do not trust websites promoting the "FBI CRIMINAL INVESTIGATION" scam

Damage level: Medium


"FBI CRIMINAL INVESTIGATION" is a scam promoted on various deceptive websites. These sites have been observed being promoted via azurewebsites.net, however, not exclusively. This scam claims that users' devices have been locked, due to content detected on them being in violation of US federal law.

Additionally, this illegal material is apparently dangerous and can cause serious issues. Therefore, users are urged to contact fake Google support. Note that all of the information provided by the "FBI CRIMINAL INVESTIGATION" scheme is false. Furthermore, this scam is in no way associated with the Federal Bureau of Investigation (FBI) or Google LLC.

Most users access deceptive web pages unintentionally - they are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already installed on their systems.


When a website running the "FBI CRIMINAL INVESTIGATION" scheme is accessed, users are presented with a pop-up window. The text presented in it shares similarities with other tech support scams. The pop-up states that a security breach has been detected on users' devices. The system is supposedly infected with a virus, which is known for information theft.

This alert is allegedly provided by Google and it is reporting an unexpected system error/infection. According to the alert, this error/virus has originated from files relating to child pornography that are stored on users' devices.

The data at risk from this is listed as: financial information (e.g. banking account and/or credit card details), email log-in credentials (e.g. usernames and passwords), social networking/media log-in credentials and chat logs, users' private and sensitive files, etc.

The message urges users to call "Google Support". The helplines provided by these types of scams are often presented as free (this is rarely the case).

Scammers typically contact users to trick them into allowing remote access and control of their devices, revealing vulnerable information (information that the "FBI CRIMINAL INVESTIGATION" scheme claims is at risk), paying various fees for "services rendered", and so on.

The text in the background of the web page is presented as a warning, issued to users due to prohibited content being found within their systems. The device has been locked, as the material in it and/or accessed through it, is in violation of articles "161,148, 215 and 301".

The violations are specified as possession of content containing child pornography, bestiality, child abuse and so on. To unlock the device, the scheme states that a fine must be paid within 24 hours. If this is not done within 48 hours, an arrest warrant is then supposedly issued.

Additionally, as the suggested material involves child pornography, many users risk being fined up to fifty thousand US dollars and/or sentenced for twenty years in prison. This part of the scam operates in much the same way as detailed earlier. I.e., the goals are identical, even if they are presented differently.

For example, rather than fees, users are asked to pay fines, and requests for personal information might be stated to be identity verification or similar - remote access being necessary not for technical support services but for alleviation of the allegations.

To summarize, trusting the "FBI CRIMINAL INVESTIGATION" scam can lead to system infections, financial loss, serious privacy issues and identity theft.

As mentioned, PUAs can force-open deceptive/scam and various other dubious web pages, however, these apps can have other capabilities. They can run intrusive advertisement campaigns (i.e. deliver unwanted and harmful ads). Others can modify browser settings to promote fake search engines.

Furthermore, most PUAs can track data. They monitor browsing activity (browsing and search engines histories) and collect personal information derived from it (IP addresses, geolocations and other details). The gathered data is then monetized by sharing with and/or selling to third parties (potentially, cyber criminals).

To protect device integrity and user safety, all suspect applications and browser extensions/plug-ins must be removed without delay.

Threat Summary:
Threat Type Phishing, Scam, Social Engineering, Fraud.
Fake Claim Scam claims users' devices are infected, contain illegal content and have been locked.
Disguise FBI and Google.
Tech Support Scammer Phone Number +1-800-974-4062
Symptoms Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
Distribution methods Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner
To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

"Windows Alert & Warning", "System Activation KEY has expired", "A virus has been detected on your computer" and "Killer's IP Address" are some examples of similar scams. The The internet is full of various online schemes, which make likewise varied claims.

Popular scam models include warnings that the system is infected or at risk, alerts that an essential piece of software is outdated or missing, fake prize giveaways and likewise fraudulent offers/deals, and so on. Regardless of what these deceptive sites offer, request or demand, the purpose is identical: to generate revenue for the designers.

How did potentially unwanted applications install on my computer?

Some PUAs have "official" download pages, which are often promoted by scam websites. These applications can also be downloaded/installed with other software. This deceptive marketing technique of packing regular programs with unwanted or malicious additions is called "bundling".

Rushing download/installation processes (e.g. skipping steps and sections, etc.) increases the risk of inadvertently allowing bundled content into the system. Once clicked, intrusive advertisements can execute scripts to download/install PUAs without users' permission.

How to avoid installation of potentially unwanted applications

You are advised to research all software before download/installation. All downloads must be done from official and verified sources. Unofficial and free file-hosting sites, Peer-to-Peer sharing networks and other third party downloaders commonly offer deceptive and/or bundled content.

Due to this, these download channels are untrusted. When downloading/installing, read the terms, explore all available options, use the "Custom" or "Advanced" settings and opt-out of supplementary apps, tools, features, etc. Intrusive ads may seem legitimate, however, they can redirect to dubious web pages (e.g. pornography, adult-dating, gambling and others).

If you encounter these ads or redirects, check all devices and immediately remove any suspicious applications and browser extensions/plug-ins. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.

Text presented in the "FBI CRIMINAL INVESTIGATION" scam pop-up:



Security Breach Detected
Transfering Your Personal Data  Pictures
This VIRUS is well known for Identity and Credit card Theft


Google security alert!!
Please Contact Google Support +1-800-974-4062


System might be infected due to unexpected error - child Pornography Detected !


Security Breach!


Private and Financial Data is at RISK:
. Your credit card details and banking information
. Your e-mail passwords and other account passwords
. Your Facebook, Skype, AIM, ICQ and other chat logs
. Your private & family photos and other sensitive files
. Your webcam could be accessed remotely by stalkers


IMMEDIATELY CALL Google Support +1-800-974-4062  


Seeing these pop-up's means that you may have a virus installed on your DEVICE which puts the security of your personal data at a serious risk.
It's strongly advised that you call the number above and get your DEVICE inspected before you continue using your internet, especially for Shopping or Banking.


Call immediately for assistance.
Contact Google Support +1-800-974-4062.

Screenshot of "FBI CRIMINAL INVESTIGATION" scam background page:


Text presented in this page:

United States


This device is locked due to the violation of the federal laws of the United State of America


* Article 161
* Article 148
* Article 215
* Article 301
*of the Criminal Code of USA
Your device was used to visit websites containing pornography


Following violations were detected


* Child pornography
* Zoophilia pornography
* Child abuse
* Bulk-spamming
To Unblock this phone the Fines only be paid within 24 hours after the infringement. As soon as 48 hours elapse ARREST WARANT will be issued on your name :


Child pornography laws in the United States specify that child pornography is illegal under federal law and in all states and is punishable by up to 20 years' imprisonment or fine of $50000

The appearance of "FBI CRIMINAL INVESTIGATION" pop-up scam (GIF):


Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

  • Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
  • Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
  • Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
  • Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
  • Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

Example of a pop-up scam

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

  • If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
  • If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
  • If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
  • Help other Internet users: report Internet scams to Federal Trade Commission.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Scan this QR code to have an easy access removal guide of "FBI CRIMINAL INVESTIGATION" pop-up on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.