If you haven't already encountered a fake virus alert, chances are you will sooner or later. Here's a common scenario; you're surfing the Web going about your business when suddenly you're accosted by a browser window emphatically warning you about a serious virus infection and directing you to call a toll-free number for help eliminating it.
Lest we bury the lead, it's important to mention right up front that this type of warning is almost certainly bogus. This scam, commonly known as the "fake browser security warning," has been around for a while but, based on the number of calls I've received about them over the past six months, it appears to be on the upswing.
These ersatz warnings are designed to look official, are often difficult to bypass, and aim to fool you into acting quickly without thinking and thus doing the bad guys' dirty work for them. Here are more examples of what they might look like. The scam's ultimate goal is two-fold: either get you to pay a fee for "fixing" your computer, or worse, gain remote access to your computer and look for personal data to exploit.
Fake browser security warnings will feign error messages and warn you about impending doom unless you call a toll-free number.
In this article, I'll tell you how the fake browser security warning scam works, how to minimize the odds of coming across one and, if you do, how to extricate yourself with both your money and your personal info intact.
How to Avoid Fake Virus Warnings
Here's the first thing you need to know about fake browser warnings; there's no surefire way to avoid them. Since they don't actually contain any malicious code, anti-malware tools typically won't identify or block them. However, three particular browsing habits place you at greater risk for fake browser warnings—avoid them, and you'll greatly reduce the odds of seeing one.
- The first is mistyping URLs. Type the wrong character (or an extra one) in a website address and you may very well find yourself instantly redirected to what's called a "typosquatted" domain name and a fake browser warning page.
- The second is indiscriminately clicking on the top results of a Web search. Depending on what you searched for, the top hits often contain sponsored links, which in turn often lead to questionable websites.
- The third is using free Web-based services of dubious provenance or legality, including some (though not all) that convert files from one format to another, or those that let you download clips from video hosting sites such as YouTube.
How to Deal with Fake Virus Warnings
When you come face-to-face with a fake browser security warning, you'll notice that it purports to be from a familiar and legitimate company—often Microsoft, but also frequently Symantec/Norton, McAfee, or your ISP (which is easy for scammers to determine based on your IP address).
These warnings usually display a list of specific viruses or errors allegedly afflicting your computer. They sometimes feign a famous "blue screen" error and often claim that shutting down your browser or computer could lead to data loss and/or prevent your computer from starting up again. To heighten the emotional impact, to create a sense of urgency, and to sow panic, some fake browser security warnings even play an audio file with a human or synthesized voice on an endless loop admonishing you to take immediate action.
Contrary to what these scams would have you believe, shutting down your browser or the computer won't cause any damage. Then again, these actions may not get rid of the fake warning either. Sometimes simply closing the relevant browser window or tab is enough to send it packing, but more often than not these warnings prevent you from closing them—or they automatically re-spawn the instant that you do (or they prevent you from closing the browser).
To thwart the fake warning you must kill the browser process that's displaying the warning, and the way you do that (as well as the ramifications of doing so) depends on the browser you're using.
Google's Chrome browser makes this easier than others, so we'll start there.
Killing Fake Virus Warnings in Chrome
Just as the Windows Task Manager lets you selectively end hung, crashed, or misbehaving programs, Chrome has its own task manager that lets you do the same thing for browser tabs.
Press the SHIFT+ESC keys to open Chrome's Task Manager (be sure Chrome is the active application first). Next, click the Task heading to sort the list, and scroll to where the entries start with the prefix Tab:.
Chrome is the only major browser that lets you selectively close browser tabs.
Now, find the tab with the same name as the bogus warning, highlight it, and click End process. You'll see the tab's contents replaced with the familiar Aw, Snap! "sad folder" graphic, at which time you can close the tab and get on with your life (be sure not to click that conspicuous blue "Reload" button, for obvious reasons).
Killing Fake Virus Warnings on Other Browsers
The nice thing about Chrome's Task Manager is that it lets you isolate and kill an offending tab without affecting any others that are running. Unfortunately, other browsers such as Microsoft Internet Explorer, Microsoft Edge, and Mozilla Firefox don't provide their own task managers.
To kill a fake browser warning in one of these browsers, you must force the entire browser to close. To do that, you need the help of Windows Task Manager, which you summon by pressing the CTRL+SHIFT+ESC keys.
For browsers other than Chrome, use Windows Task Manager to close out the browser task (which will kill all the tabs).
When the Task Manager opens, find the Apps category under the Processes tab (Windows 10 or 8.x). In Windows 7, just look for the Applications tab. Then highlight the entry for the browser you're using and click End Task. (You may need to wait several seconds for a confirmation window to appear.)
Note: although the browser listing usually (though not always) references the name of the tab with the fake security warning, ending the task will kill ALL of the open tabs in your browser. While both task managers let you view and end the individual processes that represent numerous open browser tabs, they aren't specifically labeled, which means there's no way to identify a particular process as affiliated with a particular tab.
One exception to the above, interestingly enough, is if you're using Internet Explorer 11 on Windows 10 or Windows 8.x. In this case, if you expand the Task Manager entry for Internet Explorer you will see each open tab listed separately, which you can then individually kill via End Task.
Browsers—such as Chrome in this example—may display legitimate warnings if you attempt to visit a known phishing site.
It's important to note that whenever a Web browser shuts down abnormally, the next time you open it you'll probably be asked if you want to restore your previous browser session. Don't do that, as it will reopen everything you had open before, including the site that gave you the bogus warning. As an alternative, use the browser's history feature (CTRL+Hkeys on all browsers) to view and selectively open only the tabs you want.
One final thought: there is such a thing as a legitimate browser security warning. For example, depending on the browser (and what plug-ins or extensions you use) you may be warned if you attempt to visit a known phishing site, and all browsers will warn you if a site you're about to visit has an expired or invalid SSL certificate.
A good rule of thumb: if your browser displays a security warning that advises you not to do something, it's probably a legit warning. But if it's warning you to do take action—especially if it's heavy handed about it—it's probably a fake.
Joseph Moran is a technology writer and IT consultant specializing in services for consumers and small businesses. He's written extensively for numerous print and online publications, and is the author of File Management Made Simple, Windows Edition from Apress.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|