Top

About the Web Browser Pop-up Alert Scam

We have recently seen an increase in the number of users reporting an issue with their web browsers (Safari, Chrome, or Firefox), where a pop-up alert window appears instructing them that their computer may have been hijacked or that there is a "major security issue".  The window may even have a phone number to call as seen below:

Alert2.png Alert1.png

What You Should Do If You See One of These Windows?

It's important to understand that this is not a computer virus, and your Mac has not been infected with any malware.  It is also very important that you do NOT call the phone number listed in this window.  This is a scam, and you should not spend any money or share your personal information with anyone to get rid of these messages.  If you do happen to call one of these phone numbers, you will more than likely be asked to install special software on your Mac that will allow them to remotely access information on your computer and possibly compromise your system further.  

Removing the Alert From Your Web Browser:

If you see this message in your web browser, follow the instructions below to clear this threat:

1. Reset Your Browser

2. Force Quit and Restart Browser

3. Delete Safari Preferences Manually

4. What To Do If You Called the Phone Number

5. Protect Your Computer From Future Attacks

6. Contact Intego Support

 

1. Reset Your Browser

Update: The process for resetting Safari has changed with Mac OS X Yosemite or higher.

Curiously, Apple has actually made this process a lot more difficult than it used to be. There are now three different areas inside Safari for removing certain information.  To reset Safari, follow these steps:

In the Safari menu, choose "Preferences..."

Preferences.png


Click the 'Privacy' button at the top of the new window that appears, and then click the "Remove All Website Data" button. It will ask you if you are sure you want to remove all data stored by websites on your computer.

Remove_Data.png

Remove_Now.png

Select "Remove Now" to clear data that could be used to track your browsing.

Next, you'll want to clear caches. To do so, you now have to enable Develop mode to clear Safari caches:

  • From your Safari menu bar, click Safari > Preferences, then select the Advanced tab.
  • Enable the checkbox to "Show Develop menu in menu bar".

Developer.png

  • Now from the menu bar, click Develop > Empty Caches.

Empty_Caches.png

 

For older versions of Safari 7.x and lower:

In the Safari menu, choose “Reset Safari.” The browser will restart without bringing up the problematic site. It will, however, erase a lot of other historical saved data.

Reset Safari

For Chrome or Firefox instructions, click the appropriate links:

Reset Chrome

Reset Firefox

 

2. Force Quit + Hold Shift Key While Restarting Your Browser

The other tactic simply targets the function that resumes open windows after a crash, which can be done by holding the Shift key while starting Safari.

First you will need to force-quit Safari as you would expect, either by going to the Apple menu and choosing “Force Quit” and choosing to quit Safari, or by using the keyboard-combination Command + Option + Escape  (Cmd+Alt+Esc) to bring up the same window.

Force_Quit.png

The second step is to hold the Shift key while relaunching Safari, which restarts the browser without reloading any previously open windows.

3. Delete Safari Preferences Manually

If neither of the steps above work, then you will want to manually delete files from your computer to fix the issue for good.  

First, you will need to go to your Preferences folder.  Open a Finder window.  Click: Go > Go to Folder... in the top menu bar:

Screen_Shot_2015-04-06_at_12.09.40_PM.png

Now, type the following exactly as listed below (or copy-paste):

~/Library/Preferences

It should look like this:

GoToFolder.png

Next, locate the file called:  com.apple.Safari.plist, and drag and drop this file in the Trash.  Then, restart your computer and open Safari again.  If for some reason you still see the same pop-up alert message, follow the same instructions from above and go to:

~/Library/Saved Application State

Locate a folder called:  com.apple.safari.savedState, and drag the file to Trash.  Restart your computer again and this should resolve the issue.

To remove Chrome or Firefox files, click the appropriate link below:

Chrome - Delete User Profile Information

Firefox - Remove User Data and Settings

 

4. What To Do If You Called the Phone Number?

If you fell victim to the scam and contacted one of these companies for additional assistance, your computer may have been compromised.  The first thing you should do is contact your bank or credit card company to dispute the charge as fraudulent and monitor your records for any unusual purchases or activity.  

You should now restore your computer from Time Machine or Personal Backup.

How to Restore From a Time Machine Backup

How to Restore Using Personal Backup 

 

What To Do If You Don't Have a Backup?

There's no way to know for certain what might have happened if you called the phone number in the alerts and allowed one of these companies remote-access to your computer.  If you don't have a backup that you can recover from, then the most secure thing to do is to erase your entire computer and start over from scratch. Please note that this will erase all of your data from your Mac.

Erase and Reinstall Mac OS X or macOS

 

5. Protect Your Computer From Future Attacks

All of this information highlights the fact that a multi-layered approach to security is the best method to protect your digital life from the bad guys. Intego offers powerful Mac antivirus and security software that works together to create layers of security. This tactic makes your machine a less profitable (and therefore less desirable) target for cybercriminals. So keep your Mac safe with advanced Mac security solutions such as Intego's Mac Premium Bundle, which protects from malware, network attacks, web threats, spyware, and more.

Buy Now

 

6. Contact Intego Support


We encourage anyone who encounters ransomware to send the files to our Virus Detection Team for further analysis.  If you have any other questions or concerns, contact Intego Support and one of our Mac experts will happily assist you.

Have more questions? Submit a request

Comments