We have recently seen an increase in the number of users reporting an issue with their web browsers (Safari, Chrome, or Firefox), where a pop-up alert window appears instructing them that their computer may have been hijacked or that there is a "major security issue". The window may even have a phone number to call as seen below:
What You Should Do If You See One of These Windows?
It's important to understand that this is not a computer virus, and your Mac has not been infected with any malware. It is also very important that you do NOT call the phone number listed in this window. This is a scam, and you should not spend any money or share your personal information with anyone to get rid of these messages. If you do happen to call one of these phone numbers, you will more than likely be asked to install special software on your Mac that will allow them to remotely access information on your computer and possibly compromise your system further.
Removing the Alert From Your Web Browser:
If you see this message in your web browser, follow the instructions below to clear this threat:
Update: The process for resetting Safari has changed with Mac OS X Yosemite or higher.
Curiously, Apple has actually made this process a lot more difficult than it used to be. There are now three different areas inside Safari for removing certain information. To reset Safari, follow these steps:
In the Safari menu, choose "Preferences..."
Click the 'Privacy' button at the top of the new window that appears, and then click the "Remove All Website Data" button. It will ask you if you are sure you want to remove all data stored by websites on your computer.
Select "Remove Now" to clear data that could be used to track your browsing.
Next, you'll want to clear caches. To do so, you now have to enable Develop mode to clear Safari caches:
- From your Safari menu bar, click Safari > Preferences, then select the Advanced tab.
- Enable the checkbox to "Show Develop menu in menu bar".
- Now from the menu bar, click Develop > Empty Caches.
For older versions of Safari 7.x and lower:
For Chrome or Firefox instructions, click the appropriate links:
The other tactic simply targets the function that resumes open windows after a crash, which can be done by holding the Shift key while starting Safari.
First you will need to force-quit Safari as you would expect, either by going to the Apple menu and choosing “Force Quit” and choosing to quit Safari, or by using the keyboard-combination Command + Option + Escape (Cmd+Alt+Esc) to bring up the same window.
The second step is to hold the Shift key while relaunching Safari, which restarts the browser without reloading any previously open windows.
If neither of the steps above work, then you will want to manually delete files from your computer to fix the issue for good.
First, you will need to go to your Preferences folder. Open a Finder window. Click: Go > Go to Folder... in the top menu bar:
Now, type the following exactly as listed below (or copy-paste):
It should look like this:
Next, locate the file called: com.apple.Safari.plist, and drag and drop this file in the Trash. Then, restart your computer and open Safari again. If for some reason you still see the same pop-up alert message, follow the same instructions from above and go to:
~/Library/Saved Application State
Locate a folder called: com.apple.safari.savedState, and drag the file to Trash. Restart your computer again and this should resolve the issue.
To remove Chrome or Firefox files, click the appropriate link below:
If you fell victim to the scam and contacted one of these companies for additional assistance, your computer may have been compromised. The first thing you should do is contact your bank or credit card company to dispute the charge as fraudulent and monitor your records for any unusual purchases or activity.
You should now restore your computer from Time Machine or Personal Backup.
What To Do If You Don't Have a Backup?
There's no way to know for certain what might have happened if you called the phone number in the alerts and allowed one of these companies remote-access to your computer. If you don't have a backup that you can recover from, then the most secure thing to do is to erase your entire computer and start over from scratch. Please note that this will erase all of your data from your Mac.
All of this information highlights the fact that a multi-layered approach to security is the best method to protect your digital life from the bad guys. Intego offers powerful Mac antivirus and security software that works together to create layers of security. This tactic makes your machine a less profitable (and therefore less desirable) target for cybercriminals. So keep your Mac safe with advanced Mac security solutions such as Intego's Mac Premium Bundle, which protects from malware, network attacks, web threats, spyware, and more.
We encourage anyone who encounters ransomware to send the files to our Virus Detection Team for further analysis. If you have any other questions or concerns, contact Intego Support and one of our Mac experts will happily assist you.