Avoid getting scammed by sites displaying a "Windows Firewall Protection Alert"
Written by Tomas Meskauskas on (updated)
What is "Windows Firewall Protection Alert"?
While inspecting rogue websites, our research team found a webpage promoting the "Windows Firewall Protection Alert" technical support scam.
This scheme closely mimics Microsoft's official website and Windows Security – the front-end of Microsoft Defender. The fake interface performs a system scan and detects threats that have led to the user's access to their device being blocked. The scam instructs to call "Windows Support" and resolve the issues.
It must be emphasized that all these claims are false, and they are in no way associated with Microsoft.
"Windows Firewall Protection Alert" scam overview
When we accessed a site running the "Windows Firewall Protection Alert" scam, we were presented with a fake Microsoft website. The page displayed the interface of Windows Security and automatically performed a quick system scan. Once the hoax scan was completed, the scheme presented us with several pop-up windows.
The topmost pop-up – "Windows Firewall Protection Alert" – stated that some features of "Ads.financetrack(1).exe" were blocked on all public and private networks. Due to the presence of the highly suspicious "Ads.financetrack(1).exe", user access to the device was restricted. The scam instructed to call the provided number – thus contacting Windows Support.
As previously mentioned, all these claims are false and not associated with Microsoft. No website can detect threats/issues present on visitors' devices – hence, any that make such claims are scams.
"Windows Firewall Protection Alert" is a tech support scam; it aims to trick victims into calling its fake helpline – thereby luring them into the scammers' trap. These schemes aim to generate revenue at victims' expense; however, how they achieve this goal varies.
Typically, the cyber criminals ask to remotely access the allegedly infected device (e.g., via TeamViewer, UltraViewer, AnyDesk, etc.). Scammers can cause a wide variety of damage once connected, e.g., remove/disable genuine security tools, extract files and data, install fake anti-viruses, and even infect the system with actual malware (e.g., trojans, ransomware, etc.).
Cyber criminals commonly target sensitive information, such as personally identifiable details (e.g., names, personal identification numbers, social security numbers, addresses, etc.), log-in credentials (e.g., online banking, money transferring, digital wallets, social networking/media, emails, and other accounts), and finance-related data (e.g., banking account details, credit card numbers, etc.).
The information can be acquired by simply requesting the victims to state it, type it where the scammers claim to be unable to see it, enter it into phishing websites or files, or the data can be extracted by malware.
While the criminals perform their nefarious deeds, they present themselves as "Microsoft technicians" and daze victims with nonsensical technobabble.
Furthermore, the scammers' "services" tend to be exorbitantly priced, and the payments are to be made using difficult-to-trace methods, e.g., cryptocurrencies, gift cards, pre-paid vouchers, or cash hidden in innocuous-looking packages and shipped. What is more, in many cases, successfully scammed victims are targeted repeatedly.
To summarize, by trusting a technical support scam – users can experience system infections, data loss, severe privacy issues, significant financial losses, and even identity theft.
If you cannot close a scam page – end the browser's process using Windows Task Manager. When you open the browser again, do not restore the previous browsing session since that will reopen the deceptive webpage.
And if you have already allowed scammers to remote access your device, you must first disconnect it from the Internet. Afterward, uninstall the remote access software that the cyber criminals used, as they may not need your consent to reconnect. Lastly, use an anti-virus to run a full system scan and remove all detected threats.
If you believe that your account credentials have been exposed – change the passwords of all potentially compromised accounts and inform their official support.
And if you have disclosed personally-identifiable or finance-related information (e.g., ID card details, passport scans/photos, credit card numbers, etc.) – immediately contact the appropriate authorities.
|Name||"Windows Firewall Protection Alert" tech support scam|
|Threat Type||Phishing, Scam, Social Engineering, Fraud|
|Fake Claim||Device was blocked due to security reasons.|
|Tech Support Scammer Phone Number||+1 (838)-386-8817|
|Symptoms||Fake error messages, fake system warnings, pop-up errors, hoax computer scan.|
|Distribution methods||Compromised websites, rogue online pop-up ads, potentially unwanted applications.|
|Damage||Loss of sensitive private information, monetary loss, identity theft, possible malware infections.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
Technical support scam examples
We have inspected thousands of online scams; "Your Windows OS Is Damaged", "1978 Act Of Protection Of Children", "Your Windows Got Corrupted Due To Virus", and "Pirated Windows Software detected in this Computer" are just some examples of tech support scams.
The Internet is rife with schemes that use different models, but their end-goal is the same – to generate revenue at victims' expense. Due to how widespread and well-crafted deceptive online content can be, we highly recommend exercising caution when browsing.
How did I open a scam website?
Scam websites can be accessed via pages that use rogue advertising networks. The deceptive sites can be force-opened the moment a rogue webpage is entered or when hosted content is interacted with (e.g., clicking buttons, text input fields, links, etc.).
Additionally, misspelling a website's domain can result in a redirect (or a redirection chain leading) to a scam site. Spam browser notifications and intrusive ads promote online scams as well. Adware can also display scam-endorsing advertisements or force-open websites promoting deceptive content.
How to avoid visiting scam websites?
We strongly advise against using websites that offer pirated material or other questionable services (e.g., Torrenting, illegal streaming/downloading, etc.) since these sites are usually monetized through rogue advertising networks.
Furthermore, it is important to pay attention to URLs and enter them with care. To avoid receiving undesirable browser notifications – do not permit suspicious websites to deliver them (i.e., do not click "Allow", "Allow Notifications", etc.). Instead, ignore or deny notification requests (i.e., select "Block", "Block Notifications", etc.).
Another recommendation is to download only from official/verified sources and approach installation with care (e.g., read terms, explore available options, use "Custom/Advanced" settings, and opt-out of additions). If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate all threats.
Text presented in "Windows Firewall Protection Alert" scam pop-up:
Windows Firewall Protection Alert
Windows Defender Firewall has blocked some features of Ads.financetrack(1).exe on all public and private networks.
Windows has blocked access to your device for security reasons. Contact Windows Support:
The appearance of "Windows Firewall Protection Alert" pop-up scam (GIF):
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is "Windows Firewall Protection Alert" tech support scam?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.
Frequently Asked Questions (FAQ)
What is a pop-up scam?
Pop-up scams are deceptive messages intended to trick users into performing specific actions, e.g., calling fake helplines, allowing cyber criminals to remotely access devices, disclosing private data, making monetary transactions, downloading/installing software, purchasing products, and so forth.
What is the purpose of a pop-up scam?
Pop-up scams are designed to generate revenue. Cyber criminals primarily profit by obtaining funds through deception, abusing or selling sensitive information, promoting content, and spreading malware.
Why do I encounter fake pop-ups?
Pop-up scams are promoted on rogue webpages, which are seldom entered intentionally. Most users access such sites via redirects caused by mistyped URLs, pages using rogue advertising networks, spam browser notifications, intrusive ads, or installed adware.
I cannot exit a scam page, how do I close it?
Should it be impossible to close a deceptive webpage, use the Windows Task Manager to end the browser's process. Keep in mind that when the browser is opened again – the previous browsing session must not be restored, as that would reopen the scam page.
I have allowed cyber criminals to remotely access my computer, what should I do?
If you have allowed cyber criminals to remotely access your device – you must disconnect it from the Internet. Afterward, remove the remote access software that the scammers used (e.g., TeamViewer, UltraViewer, AnyDesk, etc.). Then use an anti-virus to perform a full system scan and remove all threats.
I have provided my personal information when tricked by a pop-up scam, what should I do?
If you have provided log-in credentials – change the passwords of all possibly exposed accounts and inform their official support without delay. And if you've disclosed other private data (e.g., ID card details, credit card numbers, etc.) – immediately contact the corresponding authorities.
Will Combo Cleaner protect me from pop-up scams and the malware they proliferate?
Combo Cleaner is capable of scanning visited websites and detecting deceptive and malicious ones. It can also block access to these websites. Furthermore, Combo Cleaner can detect and eliminate practically all known malware infections. Keep in mind that performing a complete system scan is paramount – since sophisticated malicious programs usually hide deep within systems.
▼ Show Discussion