Unusual Sign-in Attempt POP-UP Scam

What is the "Unusual Sign-in Attempt" pop-up scam?

We analyzed this page and found that it runs a fake Microsoft Defender alert designed to trick visitors into purchasing antivirus software through an affiliate link. The page impersonates a Windows security system - displaying a fabricated sign-in warning, a fake scan, and alarming vulnerability results - before routing visitors to a McAfee website. Microsoft and McAfee are legitimate companies that have no association with this scheme.

Unusual Sign-in Attempt pop-up scam

"Unusual Sign-in Attempt" scam in detail

The scam opens with a red pop-up styled to resemble a Windows security panel. It claims that an unusual sign-in attempt has been detected on the visitor's account and lists fabricated details: a fake IP address, a country, and a browser type. A progress bar labeled "LOADING" adds to the sense that something threatening is actively in progress.

Alongside the main pop-up, a browser notification styled to look like a real Microsoft Defender system alert also appears. It warns that a "system password reset and Wi-Fi data interception attempt" has been detected, and presents "Archive", "Update Protection", and "System Scan" buttons. Both elements are entirely fabricated.

Microsoft Corporation and Windows have no connection to this scheme. Genuine Windows security alerts never appear as browser pop-ups, and no legitimate operating system uses third-party websites to communicate threats.

Interacting with the page moves visitors to a fake Microsoft Defender scan interface. It displays a progress bar, a count of "Issues found" set to 25, and a scrolling list of supposed threat detections using real Windows Defender naming conventions. Web pages cannot scan a computer for threats - only installed software can perform that function - and every result shown here is scripted.

After the fake scan, the page presents a "Detected Critical Vulnerabilities" screen. It warns that system files are corrupted, passwords have been exposed, and account hacking is underway. A progress bar labeled "Copying Data" at 75% suggests data is actively being stolen - another invented visual intended to produce panic.

At the bottom of this screen sits a green "Protect Windows" button. Clicking it redirects visitors to a McAfee website through an affiliate link. Scammers earn a commission if the visitor purchases a subscription through this redirect. McAfee is a legitimate cybersecurity company and has no involvement in this page.

Threat Summary:
Name	Unusual Sign-in Attempt affiliate scam
Threat Type	Phishing, Scam, Social Engineering, Fraud
Fake Claim	Visitor's computer has been accessed via an unusual sign-in attempt and contains multiple critical security threats
Disguise	Legitimate Microsoft Defender / Windows Security Alert
Related Domain	redirectott[.]com
Threat Status (redirectott[.]com)	PCrisk Website Scanner Results
Symptoms	Fake error messages, fake system warnings, pop-up errors, hoax computer scan.
Distribution methods	Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage	Loss of sensitive private information, monetary loss, identity theft, possible malware infections.
Malware Removal (Windows)	To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. Download Combo Cleaner To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

Online scams in general

Scams of this type exploit the visual design of legitimate security software to manufacture panic. The goal varies, but the core method is consistent: present urgent, alarming information that gives the visitor no time to think critically before taking the desired action.

Some examples of similar scams are "Safety Services", "Your Google Account Was Hacked", and "Your System Is Locked Due To Detected Threats".

How did I open a scam website?

Scam pages of this kind are almost never reached deliberately. The most common route is clicking a deceptive advertisement or pop-up on an unrelated site. Sites offering pirated software, illegal streaming, or torrent downloads frequently generate these redirects through the rogue advertising networks they depend on for revenue.

Phishing emails with disguised links are another route. Some users arrive because they previously allowed browser notifications from a rogue site, which then used those permissions to deliver redirect links. In other cases, adware installed on the device generates the redirects automatically during normal browsing.

How to avoid visiting scam pages?

Deny notification permissions to any website that is not clearly trustworthy. Avoid clicking ads, pop-up buttons, or links on unfamiliar pages, and do not download software from unofficial sources. Sticking to official websites and recognized app stores reduces the risk of landing on deceptive pages.

Be careful with links in emails, especially from senders you do not recognize. Keeping the operating system and all installed applications up to date closes vulnerabilities that rogue software may otherwise exploit. If your browser is already redirecting to pages like this, scan the computer with Combo Cleaner Antivirus for Windows to find and remove any unwanted software automatically.

Text presented in the "Unusual Sign-in Attempt" pop-up:

Windows Security Alert

Unusual Sign-in Attempt

An unusual sign-in attempt has been detected on your account. For your protection, it is recommended that you block this user and run a security scan.

IP: -
Country: -
Browser: -

[Block User]

Instant automatic malware removal:

Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:

DOWNLOAD Combo Cleaner

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

Quick menu:

What is Unusual Sign-in Attempt affiliate scam?
How to identify a pop-up scam?
How do pop-up scams work?
How to remove fake pop-ups?
How to prevent fake pop-ups?
What to do if you fell for a pop-up scam?

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

Example of a pop-up scam

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
Help other Internet users: report Internet scams to Federal Trade Commission.

Frequently Asked Questions (FAQ)

What is a pop-up scam?

Pop-up scams are deceptive messages that appear in the browser, designed to alarm, frighten, or excite the visitor into taking a harmful action. Common goals include getting the user to call a fake support number, click an affiliate link, hand over personal information, or send money to a scammer.

What is the purpose of a pop-up scam?

The purpose is to generate revenue for those behind the scheme. Depending on the format, this can mean affiliate commissions from software sales, fees paid to fake technical support, personal data sold to other criminals, or stolen credentials used for account takeover.

Why do I encounter fake pop-ups?

Most people encounter these pages after clicking ads on unreliable websites, or because a rogue site they previously visited was granted notification permissions. Adware installed on the device is another common cause - it injects unwanted redirects into normal browsing sessions without any visible sign.

Will Combo Cleaner protect me from pop-up scams?

Yes. Combo Cleaner identifies malicious websites and blocks access before anything can load. When a scam page like this one is detected, Combo Cleaner warns the user immediately and prevents the page from opening.