Note: Browser tech support scams target both Windows and Mac users. The scam websites can often detect what operating system you are using and will load a fake alert popup that specifically targets your system. This report discusses a Mac version of the scam. I discuss the Windows version in a separate report.
While browsing the web, a “critical alert” message may suddenly appear that claims that your Mac has been blocked and you must urgently call a support number to seek help.
The pop-up message will claim that your Mac has been infected with viruses and spyware and that sensitive personal information such as credit card numbers and account login details are currently being stolen. It claims that you must call the number displayed immediately so that Apple’s “engineers can walk you through the removal process over the phone”.
It further warns that, if you don’t call within 5 minutes, your Mac will be disabled to prevent damage to the network.
Once the popup appears, you may not be able to close it or your browser in the normal way. It may appear that your computer has already been blocked or disabled as threatened in the alert message.
The web page under the pop-up alert window is designed to look like it is part of the official Apple website and may display the AppleCare logo.
However, the alert is not a genuine security notification and the site has not actually detected any viruses on your Mac. The alert is designed to panic you into calling online criminals posing as tech support workers.
If you do call the listed number, the fake tech support worker who answers you will likely claim that you must pay an immediate support service fee over the phone using your credit card. The scammers may be quite threatening and claim that there will be dire consequences if you do not pay to have the problem rectified straight away.
The scammers may also instruct you to download remote access software that will allow them to take control of your computer. They will claim that the software will allow them to connect to your computer and remove the supposed virus infection. Once they have gained access, the scammers can rifle through your computer files and steal more of your personal information.
They may also install malware on your computer. This malware can subsequently harvest sensitive information such as banking passwords from your computer and transmit it back to the criminals. And, it can allow the criminals to continue accessing your computer even after the remote access software has been removed.
How to deal with this tech support scam
If you encounter this scam, do not call the listed number under any circumstances. Instead, you need to terminate your browser session. As noted, you may not be able to close your browser in the way you usually do. Here’s what to do:
1: Hit Command + Option + Esc to open the “Force Quit Applications” window.
2: Select the name of the browser you are using and hit the “Force Quit” button.
If the fake alert website continues to appear after you have closed and reopened your browser, you may need to take further steps as described in this article.
You should also scan your computer for malware. We recommend Malwarebytes, which is free for home users.
Keep in mind that tech companies such as Apple and Microsoft do not monitor your computer for virus infections or security issues. They will never block or disable your computer from afar and they will never demand that you call them to rectify a supposed problem. Nor will they ever cold call you about a supposed virus infection or hack attempt.
Variations of the scam
There are many versions of this scam. Details in the popup alert may vary considerably. They may list different phone numbers and claim to be from different companies. In some cases, they may claim that your computer has been hacked rather than infected with viruses.
And, fake browser blockers are not the only way that tech support scammers find victims. In many cases, the scammers will simply cold call people and claim that their computer has been hacked or has been transmitting viruses. Once these phone scammers have a victim on the line, they will use the same tactics as described above.
An example of the scam message:
Transcript of the popup alert message
YOUR MAC HAS BEEN BLOCKED **
Error # 268D3
Please call us immediately at: 1800-316-859
Do not ignore this critical alert.
If you close this page, your mac access will be disabled to prevent further damage to our network.
Your mac has alerted us that it has been infected with a virus and spyware. The following information is being stolen…
Credit Card Details
Email Account Login
Photos stored on this mac
You must contact us immediately so that our engineers can walk you through the removal process over the phone. Please call us within the next 5 minutes to prevent your mac from being disabled.
Toll Free: 1800-316-859
Screenshot of the popup window:
Screenshot of the underlying fake Apple Care page: