The internet, while there are many great things about it, has unfortunately become a breeding ground for website scams. Among the various scams that I am often asked to help with, fake Microsoft or FBI warning scams have become alarmingly prevalent. Targeting unsuspecting individuals, these scams aim to deceive, extort, and exploit innocent users. In this post, I’ll shed some light on how these work, and explain how to protect yourself.
The Tactics of Fake Warning Website Scams
The cybercriminals or scammers use different tricks, trying to find what works. They have a tried and true method. I used to see or hear about them coming from popups on websites. The last few years, they have moved away from that. They are now, most often, taking over websites with bad security. Once they take over the site, anyone that visits it, will see the scam warnings from Microsoft or the FBI. Third-party ad agencies also place ads online on many websites. The scammers are also using methods to hide the bad URLs from the ad agencies and once the ad is placed, you could potentially come across their ad on a good website that isn’t actually compromised.
The scams try to instill fear in the user. They warn that the user’s computer has security threat like a virus or that they have done something illegal online. Most often, neither are true.
Additionally, in some of the scams that clients have told me about, they call your phone number at random, intimidating users by impersonating Microsoft support personnel or law enforcement officers from the FBI. These malicious actors will adopt an authoritative tone, demanding immediate action to rectify the stated security issue. In some cases, victims are coerced into granting remote access to their computers, enabling scammers to plant malware or steal sensitive information. The phone call technique has been used less over the last few years but it still happens.
Sometimes these are combined. When a user comes across a website with a warning, they are always asked to call “Microsoft” at a number shown on-screen. If you call them and hang up, I have heard of them harassing people, they will call back repeatedly. I’ve also had a client who said the caller claimed to be from her bank’s security department.
Here’s an example of what it may look like.
Example of a website scam with a fake warning from Microsoft.
Recognizing the Red Flags
To protect yourself from falling prey to these website scams, it is crucial to be aware of the red flags that can indicate their presence. Be cautious when encountering the following warning signs:
- Unsolicited Contact: Legitimate organizations like Microsoft or the FBI will not make contact unexpectedly. Be skeptical if you receive an unsolicited phone call or encounter a pop-up message claiming to be from either of these organizations.
- Urgency and Intimidation: Scammers often employ aggressive tactics to create a sense of urgency and panic. Genuine support services or law enforcement agencies will not resort to threats, intimidation, or immediate demands for financial compensation.
- Request for Payment: Authentic support providers will never require immediate payment or ask for access to your personal or financial information over the phone.
- Unprofessional Communication: Pay attention to the language, spelling errors, and unprofessionalism within the messages or phone calls. Legitimate organizations maintain high standards of communication.
Protecting Yourself From Website Scams
While navigating the web, preventive measures can help safeguard against falling victim to these scams:
- Install a Trusted Security Software: Utilize reputable antivirus software and keep it updated regularly to mitigate potential threats. Free anti-virus software such as AVG, Avast and Avira usually do a poor job of protection. It’s better than nothing but not better than the built-in Windows Security that is included in Windows 10 or 11. Your protection should scan for viruses, spyware and potentially unwanted programs (PUPs) and monitor the behavior of software running on your computer.I recommend Emsisoft Anti-Malware, Malwarebytes or ESET. I am a reseller for Emsisoft and Malwarebytes so if you purchase a license with us, if you ever have an issue with the software, you can get support from us rather than a typically lengthy email conversation, or posting to a forum on the vendors website.
- Enable Automatic Updates: Ensure your operating system, web browsers, and software applications are set to receive automatic updates to minimize vulnerabilities.Windows 10 and 11 both automatically update but I often see computers that have software installed that disabled the automatic updates. The reason Microsoft forced it was because so many users disabled the updates on Windows 7 and because of that, there were many undetected threats that spread over botnets and users blamed Microsoft for poor security. Apple by default updates automatically but has a setting to disable their updates.Out-of-date computers no longer getting updates from Microsoft or Apple should not be online. The updates patch security problems found that the cybercriminals use to breach the security of your computer or network. Updates will not stop the scams but can help to make sure if there is compromised software running on your computer, that it can be found and removed.
- Educate Yourself: Stay informed about the latest scams and familiarize yourself with the tactics employed by cybercriminals. Share knowledge (like this page) with friends, family, and colleagues to help protect others.
- Practice Safe Browsing: Avoid clicking on suspicious links or downloading files from untrusted sources. Verify the legitimacy of a website by checking the URL for authenticity and the presence of “HTTPS” in the address bar.
- Do not download add-ons or web browser extensions that you are asked to install to view a website or video. Those are almost always spyware. They often change your search results, making it look like you are using your normal search engine, but they change the links so the site you thought you were going to, was not where you ended up at. Typically, when I’ve done clean-ups after a scam, I find extensions for maps searches, shopping discounts or similar ones that claim to be helpful.
The internet changes at a fast pace. It is important to be aware of the types of website scams that are common on the internet. By recognizing the red flags, remaining skeptical of unsolicited messages or calls, and adopting preventive measures, users can fortify their defenses against these deceptive cyber threats. In the digital realm, a cautious and informed approach is our best line of defense.
If you happen to be a victim of these website scams and gave someone remote access to your computer or the website will not go away, please give us a call or send a message to request service. You can also report these issues to the FTC or Microsoft.