What is "Windows Defender - Security Warning"?
Generally, scammers behind technical support scams such as this attempt to trick users into believing that their computers are infected, errors exist, etc. They urge users to call the provided number and then pay for unnecessary services and software. In some cases, scammers behind these pages attempt to trick visitors into providing remote access to their computers.
In most cases, users arrive at these sites through other dubious web pages, by clicking deceptive ads, or when installed PUAs open them. In any case, people do not often visit these scam pages intentionally. Note that this site is hosted using the Amazon AWS service provided by Amazon. Scammers and cyber criminals commonly employ this service for malicious purposes.
"Windows Defender - Security Warning" scam overview
The pop-up windows, which appear when this technical support website is visited, state that a Trojan, Spyware with error code #0x898778 has been detected and access to the computer has been blocked. Information such as email accounts, Facebook credentials, banking passwords, pictures and documents have also been compromised.
To restore access to the computer, fix the error, and remove detected threats, visitors are encouraged to call the +1-(888)-351-4098 number. Generally, when scammers behind these websites are contacted, they try to sell unnecessary software to unsuspecting users or trick them into paying for bogus services.
They often ask users for permission to access their computers remotely. In such cases, they use this access to steal sensitive information, infect computers with malware (e.g., ransomware, Trojan), and for other malicious purposes. In any case, ignore all technical support scams.
As mentioned, users often arrive at these pages due to PUAs installed on the browser and/or computer that promote (open) them.
PUAs are designed to open untrusted pages (including technical support scams), collect various user-system information, and serve advertisements. They gather details such as IP addresses, geolocations, addresses of visited websites, entered search queries, etc. In some cases, they are capable of accessing sensitive information as well.
The developers sell gathered data to third parties (potentially, cyber criminals) or misuse it to generate revenue in other ways. Additionally, PUAs can be designed to serve coupons, banners, pop-ups, surveys and other types of ads. When clicked, these can open dubious websites, and sometimes execute scripts designed to cause download/installation of PUAs.
|Name||Windows Defender - Security Warning technical support scam|
|Threat Type||Phishing, Scam, Social Engineering, Fraud.|
|Fake Claim||Website has detected Spyware, Trojan and error.|
|Tech Support Scammer Phone Number||+1-888-351-4098, +1-833-930-2284, +1-866-849-1382, +1-877-706-2794, +1-877-591-6339, +1-888-481-2681, +1-888-608-2465|
|Symptoms||Fake error messages, fake system warnings, pop-up errors, hoax computer scan.|
|Distribution methods||Compromised websites, rogue online pop-up ads, potentially unwanted applications.|
|Damage||Loss of sensitive private information, monetary loss, identity theft, possible malware infections.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
Technical support scam examples
As mentioned, scammers behind these websites attempt to deceive unsuspecting visitors into believing that there is something wrong with the operating system/computer, and calling the provided number. Their main goal is to extort money or to gain access to computers remotely. If a browser opens websites of this type, PUA are probably installed on it.
How did potentially unwanted applications install on my computer?
PUAs are often downloaded/installed together with other products. This deceptive marketing technique of pre-packing regular software with unwanted or malicious additions is called "bundling".
By rushing through download/installation of software (e.g. ignoring terms, skipping steps and sections, using "Quick/Express" settings, etc.) many users risk unintentionally allowing bundled content into their devices. Intrusive advertisements proliferate PUAs as well.
When clicked, the ads can execute scripts to download/install these applications without users' permission. Some PUAs have "official" download web pages from which they can be downloaded.
How to avoid installation of potentially unwanted applications
Download software and files from official websites and via direct links. It is not safe to use torrent clients, eMule (or other Peer-to-Peer networks), third party downloaders, unofficial websites or other sources of this kind. Avoid third party installers. Check "Advanced", "Custom" and other settings, and decline offers to download or install unwanted software.
Do not click ads that are displayed on dubious websites, since they can open other untrusted websites or even cause unwanted downloads and installations. Remove any unwanted, suspicious applications (extensions, add-ons, and plug-ins) that are installed on the browser.
The same should be applied to programs of this kind that are installed on the operating system. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.
The appearance of "Windows Defender - Security Warning" pop-up scam (GIF):
Text presented in initial pop-up window:
Windows Firewall Protection
Trojan Spyware Alert - Error Code: #0x898778
Access to this PC has been blocked for security reasons.
Contact Windows Support: +1-(888)-351-4098
Threat Detected - Trojan Spyware
Run Anyway Back to Safety
Text in the second pop-up window:
Windows Defender - Security Warning
** ACCESS TO THIS PC HAS BEEN BLOCKED FOR SECURITY REASONS **
Your computer has alerted us that it has been infected with a Trojan Spyware. The following data has been compromised.
> Email Credentials
> Banking Passwords
> Facebook Login
> Pictures & Documents
Windows Defender Scan has found potentially unwanted Adware on this device that can steal your passwords, online identity, financial information, personal files, pictures or documents.
You must contact us immediately so that our engineers can walk you through the removal process over the phone.
Call Microsoft Support immediately to report this threat, prevent identity theft and unlock access to this device.
Closing this window will put your personal information at risk and lead to a suspension of your Windows Registration.
Call Microsoft Support: +1-(888)-351-4098 (USA Toll Free)
Text in the background:
Error: Unknown System Failure!
(USA Toll Free)
Windows Defender Scan
You Are Protected
Protection Updates: Current
Last Scan: Not available | Quick Scan
Licenses Used: 1 of 5 | Install on Another Device
Security Protected Identity Protected Performance Protected Firewall Protected
SUBSCRIPTION STATUS: 2 Days Remaining
Another variant of "Windows Defender - Security Warning" pop-up scam:
Another example of "Windows Defender - Security Warning" pop-up scam:
Text presented within:
Windows Defender - Security Warning
Threat detected: Trojan Spyware
Windows was blocked due to questionable activity.
Contact Technical Support: +1-833-930-2284
Appearance of this "Windows Defender - Security Warning" scam variant (GIF):
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is Windows Defender - Security Warning technical support scam?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.
Frequently Asked Questions (FAQ)
What is a pop-up scam?
Essentially, pop-up scams are messages designed to trick users into performing specific actions. For example, victims can be enticed/scared into calling fake support lines, allowing cyber criminals to remotely access their computers, downloading/installing and/or purchasing software, making monetary transactions, disclosing private information, etc.
What is the purpose of a pop-up scam?
Pop-up scams are designed to generate revenue. Cyber criminals can profit by obtaining funds through deception, abusing or selling private data, promoting apps, proliferating malware, and so on.
Why do I encounter fake pop-ups?
Pop-up scams are promoted on various deceptive sites. Most users enter these websites via redirects caused by webpages using rogue advertising networks, spam browser notifications, mistyped URLs, intrusive ads, or installed adware.
I cannot exit a scam page, how do I close it?
If you cannot close a deceptive website, use the Windows Task Manager to end the browser's process. However, when reopening the browser - do not restore the previous browsing session since that will open the scam site as well.
I have allowed cyber criminals to remotely access my computer, what should I do?
If you have allowed scammers to access your computer, first - you must disconnect it from the Internet. Secondly, uninstall the remote access software the cyber criminals used to connect to your device (e.g., TeamViewer, AnyDesk, etc.) since they may not need your permission to reconnect. Lastly, use an anti-virus program to scan your system and remove all detected threats.
I have provided my personal information when tricked by a pop-up scam, what should I do?
If you have provided account credentials - change the passwords of all potentially compromised accounts and inform their official support without delay. And if you have disclosed other private data (e.g., ID card details, credit card numbers, etc.) - immediately contact the corresponding authorities.
Will Combo Cleaner protect me from pop-up scams and the malware they proliferate?
Combo Cleaner can scan visited websites and detect deceptive and malicious ones. Furthermore, it can block access to these sites. Combo Cleaner can also scan devices and eliminate practically all known malware infections. It has to be stressed that malicious programs typically hide deep within systems - therefore, performing a complete system scan is paramount.