What kind of scam is "Firewall Update Required"?
Our researchers discovered the "Firewall Update Required" scam during a routine inspection of deceptive websites. Upon investigation, we determined that this is a technical support scam. It falsely claims that the user's device is infected due to outdated Windows firewall security.
The goal is to deceive victims into contacting fake tech support and luring them into an elaborate scheme that can result in a variety of incredibly severe issues.
"Firewall Update Required" scam overview
When a site running "Firewall Update Required" is accessed, the visitor is presented with explicit adult-oriented content, which is overlaid by pop-ups mimicking the Windows color palette and formatting. The topmost pop-up window is titled "Firewall Update Required" and proclaims that the "Windows firewall security" is not updated.
The window behind it states that the user's system has issued reports regarding malware infections. The potential threats are listed, and the user is urged to call "Customer Support". After the "Update" button on the topmost pop-up is pressed, the window is closed.
The threat-detailing pop-up is brought to the forefront, and the pornographic content in the background is changed to a well-known Windows wallpaper. However, the fake alert is then quickly overlaid by more pop-ups.
One of the windows claims that a "System Failure" occurred, and the software update encountered an error. The user is warned that some system features were disabled for security reasons, and a pop-up presented atop all the rest requests a password to unlock the device. Throughout the scam, the user is encouraged to call the provided helpline.
It must be emphasized that all the information provided by "Firewall Update Required" is false, and this scam is in no way associated with Windows, Microsoft, or any other legitimate products, services, or companies.
The scheme itself starts after contact is made with the scammers, who continue the pretense of being "expert technicians", "customer support", "Microsoft-certified technicians", etc.
Threats posed by tech support scammers
Cyber criminals can cause a wide variety of damage once connected to victims' devices. They can disable or uninstall genuine security tools, install fake anti-viruses, obtain sensitive data, and even cause real malware infections (e.g., trojans, ransomware, cryptominers, etc.).
Scammers primarily target the following information – log-in credentials of various accounts (e.g., emails, social media, e-commerce, money transferring, online banking, cryptowallets, etc.), personally identifiable details (e.g., names, ages, occupations, marital statuses, addresses, contact info, etc.), and finance-related data (e.g., credit card numbers, banking account details, etc.).
Victims can be tricked into disclosing the information over the phone, entering it where it supposedly cannot be seen by the scammer, or typing it into phishing websites/files. Data-stealing malware can also be used for this purpose.
Since the cyber criminals pretend to be genuine support, their services come with fees. These bogus payments tend to be exorbitantly priced. Difficult-to-trace methods are typically used for fund acquisition, e.g., cryptocurrencies, pre-paid vouchers, gift cards, or cash hidden in packages and shipped.
Using these methods increases the likelihood that the criminals will avoid persecution and victims will be unable to retrieve their funds. It is pertinent to mention that successfully scammed users are often targeted repeatedly.
To summarize, victims of scams like "Firewall Update Required" can experience system infections, serious privacy issues, significant financial losses, and even identity theft.
Should it be impossible to exit a scam page – end the browser's process using Windows Task Manager. Note that restoring the previous browsing session will reopen the deceptive website. Hence, start a new session after re-accessing the browser.
If you have allowed scammers to access your device remotely – you must first disconnect it from the Internet. Afterward, uninstall the remote access program that the cyber criminals used (as they may not need your permission to reconnect). Lastly, run a full system scan with an anti-virus and remove all detected threats.
If you believe that your log-in credentials have been exposed – change the passwords of all potentially compromised accounts and inform their official support without delay. In case you have disclosed other private data to scammers (e.g., ID card details, passport scans/photos, credit card numbers, etc.) – immediately contact the appropriate authorities.
|"Firewall Update Required" tech support scam
|Phishing, Scam, Social Engineering, Fraud
|User's device is infected due to outdated firewall security.
|Tech Support Scammer Phone Number
|+1 (805) 765 2480, +1-801-948-3075, +1 (877) 436 7419, +1-828-785-5426
|Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
|Compromised websites, rogue online pop-up ads, potentially unwanted applications.
|Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
|Malware Removal (Windows)
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
Similar scam examples
"Threat Service Has Stopped", "Our Security Scans Have Detected Potential Vulnerabilities", "Windows EROOR CODE 0X02333", and "Virus/Malware Infections Have Been Recognized" are merely a few examples of tech support scams that we have analyzed recently.
This scam model is quite popular, but it is just one type of scheme available online. Various false claims are used to gain and subsequently abuse victims' trust.
While Internet scams are notorious for being riddled with errors, they may also be competently disguised as content from legitimate service providers, companies, institutions, organizations, or other entities.
How did I open a scam website?
Scam webpages can be force-opened the moment a site that uses rogue advertising networks is accessed. Alternatively, rogue pages can generate redirects to the former when hosted content is interacted with (e.g., clicking pop-ups, text input fields, ads, links, etc.).
Mistyping a website's URL can result in a redirect (or a redirection chain leading) to such a page. Additionally, spam browser notifications and intrusive advertisements endorse scams.
Adware can also display adverts that promote scams or force-open sites running them. Spam in general (e.g., emails, PMs/DMs, SMSes, social media/ forum posts, etc.) is utilized in scam promotion.
How to avoid visiting scam websites?
The Internet is rife with deceptive and malicious content that appears legitimate and harmless. Therefore, we strongly recommend caution while browsing.
Intrusive ads and spam browser notifications are prime examples; while they look innocuous – these adverts redirect to highly questionable sites (e.g., scam-promoting, gambling, pornography, adult dating, etc.).
To avoid receiving unwanted browser notifications – do not enable suspect pages to deliver them (i.e., do not click "Allow", "Allow Notifications", etc.). Instead, deny or ignore notification requests from such webpages (i.e., press "Block", "Block Notifications", etc.).
We advise against using websites hosting pirated software/media or offering other dubious services (e.g., Torrenting, illegal streaming/downloading, etc.), as they are typically monetized via rogue advertising networks. Another recommendation is to pay attention to URLs and enter them with care.
To prevent bundled/harmful programs from infiltrating the system – download only from official/verified channels and treat installations with caution (e.g., read terms, study available options, use "Custom/Advanced" settings, and opt out of all additional apps, extensions, tools, etc.).
If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate all threats.
Screenshot of the second and third pop-ups:
Full appearance of "Firewall Update Required" pop-up scam (GIF):
Text presented in the "Firewall Update Required" scam:
Firewall Update Required
System has identified that your Windows firewall security is not updated.
Publisher: Windows Defender Firewall
Warning: Critical System Operations Ongoing. Do Not Turn Off Your Device. It may cause system failure or critical error. If you are unable to unlock, you can contact customer support for assistance and take immediate action to prevent damage. If you're having trouble activating security, Get in touch with Windows Customer Support
Your system has reported us that it has been infected by trojen or spyware. following data has been compromised
> Email security
> Bank credentianl
> IP address has been conflict
The Windows firewall has detected unwanted run dll32 files that have the potential to steal your data, online access, passwords, and personal identity
You need to take action immediately to prevent and fix security protection
Calzl customer support toreport this threat and unlock the device
Always take security protocol seriously.
Customer Support: +1 (805) 765 2480
Error updating software: #009292w099738H98
Avoid turning off the computer. It might damage the hard drive or cause a system crash.
Some features have been disabled for security reasons. Please get in touch with customer support.
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is "Firewall Update Required" tech support scam?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.
Frequently Asked Questions (FAQ)
What is a pop-up scam?
Pop-up scams are deceptive messages intended to trick users into performing specific actions. For example, victims can be lured into calling fake support lines, allowing scammers to access devices remotely, disclosing private information, making monetary transactions, downloading/installing software, etc.
What is the purpose of a pop-up scam?
The purpose of pop-up scams is to generate revenue. Cyber criminals primarily profit by acquiring funds through deception, abusing or selling sensitive data, promoting content (e.g., websites, software, products, services, etc.), and proliferating malware.
Why do I encounter fake pop-ups?
Pop-up scams are promoted on deceptive webpages. Most visitors access them via redirects caused by sites using rogue advertising networks, misspelled URLs, spam browser notifications, intrusive ads, or installed adware.
I cannot exit a scam page, how do I close it?
If a scam page cannot be exited, the browser's process has to be terminated using Task Manager. Keep in mind that restoring the previous browsing session will restore the deceptive site. Hence, start a new session when re-accessing the browser.
I have allowed cyber criminals to remotely access my computer, what should I do?
If you have permitted cyber criminals to access your computer remotely, disconnect it from the Internet. Remove the remote access software (e.g., UltraViewer, TeamViewer, etc.) that the criminals used since they may not need your consent to reconnect. Lastly, run a full system scan with an anti-virus and eliminate all detected threats.
I have provided my personal information when tricked by a pop-up scam, what should I do?
If you have provided your log-in credentials – change the passwords of all potentially compromised accounts and inform their official support. However, if the disclosed data was of a different personal nature (e.g., ID card details, passport scans/photos, credit card numbers, etc.) – immediately contact relevant authorities.
Will Combo Cleaner protect me from pop-up scams and the malware they proliferate?
Combo Cleaner can scan visited websites and detect deceptive and malicious ones. It can block all further access to these sites. Additionally, Combo Cleaner is capable of scanning systems and eliminating most of the known malware infections. Keep in mind that since sophisticated malicious programs typically hide deep within systems – running a complete system scan is paramount.