Avoid being scammed by websites displaying "Covid19 Warning Alert"

What is the "Covid19 Warning Alert"?

"Covid19 Warning Alert" is a scam promoted on deceptive websites. The scheme claims that users must contact tech support, as their devices have been infected with malware and COVID-19 (which is an infectious disease, not a computer virus). Note that all of the information provided by "Covid19 Warning Alert" is false.

Typically, these deceptive sites are accessed via redirects caused by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system.

When a web page running "Covid19 Warning Alert" is accessed, visitors are presented with a pop-up window. This warns users not to ignore the "critical alert", since, if the page is closed, users' computers and families will be infected/linked with the Coronavirus (though the pop-up does not elaborate on how this is possible).

The device has apparently already been compromised by spyware and other viruses, including COVID-19. The targeted information is listed as: email account and Facebook log-in credentials, credit card details, files stored on the device (e.g. photographs, documents, etc.).

To prevent further damage, the computer may be blocked. Users are instructed to call "free" technical support helpline to retain access and remove the malware. The text presented in the background page is very similar to the fake alert displayed in the pop-up window. It is stated that if users ignore the warnings, they will be infected with the Coronavirus.

Allegedly, this alert has been verified by the Federal Bureau of Investigation (FBI) and the World Health Organization (WHO). The message then closely mimics the pop-up, however, the background page claims that if the pop-up is closed, other users are somehow infected.

Similarly, this fraudulent warning keeps urging users to call the provided telephone number. Despite the fake helplines being presented as "free" in such scams, this is rarely the case. Scammers use these schemes to trick people into revealing personal/sensitive information, paying bogus "fees" and/or allowing access to their computers.

The latter can be achieved through remote access software, however, the actions performed through these programs can vary drastically. The initial access may be used to infect the device with malicious software such as Remote Access Trojans (RATs) to ensure indefinite access and control, and also ransomware, cryptominers, and other malware.

From successfully compromised systems or the users themselves, scammers can extract private data (e.g. names, addresses, emails, banking account and/or credit card details, etc.). The "services" of scammers are not free and users are often required to pay for them.

Furthermore, victims can be continually targeted, especially if trust and/or rapport has been successfully established by the scammers. To summarize, trusting the "Covid19 Warning Alert" can result in system infections, significant financial loss, serious privacy issues and even identity theft. In some cases, scam websites may prevent users from closing them.

To close such a page, the browser process must be ended via Windows Task Manager. Additionally, the next time the browser is opened, it is important to remember not to restore the previous browsing session, as this will reopen the deceptive website.

As mentioned in the introduction, PUAs can force-open various harmful sites, however, these applications can have additional capabilities. Adware-types can deliver intrusive advertisements (e.g. pop-ups, banners, coupons, etc.). Other types called browser hijackers can modify browser settings to promote fake search engines.

Furthermore, most PUAs (regardless of type) can track data. They monitor browsing activity (URLs visited, pages viewed, search queries typed, etc.) and collect personal information derived from it (IP addresses, geolocations and other details). The gathered data is shared with and/or sold to third parties (potentially, cyber criminals).

To ensure device integrity and user privacy, all suspicious apps and browser extensions/plug-ins must be eliminated without delay.

Threat Summary:

Name	Covid19 Warning Alert tech support scam
Threat Type	Phishing, Scam, Social Engineering, Fraud.
Fake Claim	Scam claims users' devices are infected with viruses and may be blocked.
Tech Support Scammer Phone Number	+1-888-651-2369
Related Domains	covid-alert.epizy[.]com
Detection Names (covid-alert.epizy[.]com)	Sophos AV (Suspicious), Full List Of Detections (VirusTotal)
Serving IP Address	185.27.134.225
Symptoms	Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
Distribution methods	Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage	Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Windows)	To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

"Windows Alert & Warning", "System Activation KEY Has Expired" and "Killer's IP Address" are some examples of similar tech support scams. The web is full of deceptive websites that make varied claims, ranging from warnings of infected devices to offering "unbelievable" prizes.

Despite how good these scams may sound, they have just one purpose: to generate revenue at users' expense. Therefore, you are strongly advised to exercise caution when browsing.

How did potentially unwanted applications install on my computer?

Some PUAs have "official" download pages, which are often promoted by scam websites, however, these applications are more commonly downloaded/installed with other products. This deceptive marketing technique of packing regular programs with unwanted or malicious additions is called "bundling".

Rushing download/installation processes (e.g. ignoring terms, using presets, etc.) increases the risk of unintentionally allowing dubious and/or bundled software into systems. Intrusive advertisements proliferate PUAs as well. When clicked, they can execute scripts to make stealthy downloads/installations.

How to avoid installation of potentially unwanted applications

You are strongly advised to research all products before download/installation. Use only official and verified download channels. Untrusted sources such as unofficial and free file-hosting websites, Peer-to-Peer sharing networks (BitTorrent, eMule, Gnutella, etc.) and other third party downloaders can offer bundled content.

When downloading/installing, read the terms, explore all possible options, use the "Custom/Advanced" settings and opt-out of supplementary apps, tools, features, and so on. Intrusive ads may seem normal and harmless, however, they can redirect to dubious web pages (e.g. gambling, pornography, adult-dating, etc.).

If you encounter advertisements and/or redirects of this kind, inspect the system and remove all suspect applications and browser extensions/plug-ins immediately. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.

Screenshot of the displayed pop-up window:

Text presented in "Covid19 Warning Alert" scam:

Pop-up:

 

Important Warning:

 

** Covid18 Warning Alert **

 

ERROR # 0x03JWO2FCORONAVIRUS34

 

Please call us immediately at:
+1-888-651-2369 (Windows and nCov-19 Toll Free)
Do not ignore this critical alert or risk be infected.
if you close this page, your computer access will be  with coronavirus, linke your family. And disabled to prevent further damage to our network. Your computer has alerted us that it has been infected with a Pornographic Spyware and virus and covid19. The following information is being stolen and hacked:

 

1.Facebook Logins
2.Credit Card Details
3.Email Account Logins
4.Photos and documents stored on this computer
5.Your Familiy's serials

 

Please call us within the next 5 minutes to prevent your computer from being disabled from any information loss.

 

Windows Toll Free: +1-888-651-2369

 

-------------------

 

Background:

 

Error Logged at: Wed Aug 5 2020 20:06pmSun Mar 1 2020 11:59am
Windows Diagnostics IP Address: 129.0.0.1
Call Support +1-888-651-2369

 

ERROR # 0x03JWO2FCORONAVIRUS34

 

Please call us immediately at:
+1-888-651-2369 (Toll Free)+1-888-651-2369
(Toll Free)
Do not ignore this critical alert or you will be infected with
coronavirus. This is proofed by FBI and WHO
If you close this page, your computer access will be disabled to
prevent further damage to our network.
Your computer has alerted us that it has been infected with
Pornographic Spyware and coronavirus and. The following
information is being stolen:

 

1.Facebook logins
2.Credit Card details
3.Email Account Logins
4.Photos and documents stored on this computer

 

Please don't close this popup, if you don't wanna infecting users.
 process over the phone to protect your identity. Please call us
 within the next 5 minutes to prevent your computer from being
 disabled or from any information loss.
 
 Call Windows Support
 +1-888-651-2369 (Toll FREE)
 
 NOVEL CORONAVIRUS
 2019-NCOV

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is Covid19 Warning Alert tech support scam?
• How to identify a pop-up scam?
• How do pop-up scams work?
• How to remove fake pop-ups?
• How to prevent fake pop-ups?
• What to do if you fell for a pop-up scam?

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

• Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
• Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
• Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
• Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
• Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

• If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
• If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
• If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
• Help other Internet users: report Internet scams to Federal Trade Commission.

▼ Show Discussion