Malicious Popups – Samples

When working with customers and technology users, one question is “How do you know if something is bad?” I usually say ” If you live in a bad neighborhood you lock your doors and are more aware of your surroundings, so think of the internet as a bad neighborhood”

The internet can be a bad neighborhood in many ways. Between legitimate websites using advertisers they don’t know, malicious people wanting to steal your information, and/or installing programs, apps, key loggers, and more without our permission can become an endless job in protecting ourselves. This is not to count the Apps that get installed onto phones and tablets which request even more invasive permissions such as webcam, mic, contacts, phone access.

The safest way to prevent issues from a Malicious Popup is to just shutdown the computer before it causes harm to your data. Do not try to X them out, or click on YES or NO. Doing this could cause files to be downloaded and installed without your knowledge.

Below you will find some of the Malicious Pop Ups that I have collected to point out Red Flags.


A) The NSA is not going to ask for a MONEY PAK. This is a way of scamming trusting people and making it harder for them to get caught.


B) Microsoft is not watching your computer to this degree. They are not going to lock it to save your data and charge you to regain access to your own computer or device. I actually called these people to see what they would do. First time I called they didn’t even know what I was calling for(Red FLAG), They also didn’t know who they worked for,(Red Flag), They wanted me to state why I was calling.(Red Flag), I called several other times to see if it was the same person. Guess what it was. This person had several scams going. The second time I called he answered he was the IRS.

Another Red Flag is the website address. This is an advertisement from some so called tech repair website, However legit businesses are not going to cause a popup on your computer and scare you into paying them. Another thing these scammers do is use ambiguous website names that don’t make sense.


C) This is Scare Ware, Like the previous popup, They want you to call so they can get access to your computer. Some of these people will install tracking software and/or other software to steal data, They will also pretend to fix your machine. In this Case I used a Virtual Machine to video and track what these Thieves and Liars of society do. When I allowed access to this so called support person, All he did was open file which opens a terminal/Command Prompt o run commands from. The thief then proceeded to run basic commands that would show all the files and directories on the computer. I laughed cause they thought I was an unknowing computer user. Unknowns to them I was gonna waste more their time and allow them to do what they wanted with the Virtual Machine so that I can scan it afterwards to see if they installed new files and also to use the information I gathered to help our customers from this type of deception. Now after 30min or so while everything was displaying and the person on the other end was telling me he was scanning my system for issues, Which he wasn’t “He was only listing Directories and files.” The Listing stopped and he said that he found something and then opened a DLL file in a text reader. When you do this you will see that the file looks sporadic and like a foreign language and is normal. A DLL(Dynamic Link Library) file is not viewable in Text. He then proceeded to tell me that this file should show text and looked corrupted. Again he is wrong and trying to manipulate me to think my computer is infected. He then proceeded to tell me that they can fix this issue and try to charge me for the Fake Diagnosis and Repair. At this point I mentioned everything he did that was deceptive. He did not like that and threatened me, threatened to call the cops and several other things, I told him “GOOD, This will allow me to take scum like you off the streets from stealing from hard working people.” NOTE the website address. RED FLAG


D) Here is another example that is common Scare Ware, Again they ask for money in a MoneyPak from a gas station. The government is not going to do this. Also note the website that this is coming from. It is not even a Government Website. Its a internet marketing and advertising website. 2 RED FLAGS

These are just some examples of how to detect fraud.

1) Check websites in Popups. Many times you can easily detect fraud quickly. Some browsers will allow you to add these to a block list as well to prevent issues in the future.

2) Popups that contain MONEY PAK requests are 100% scams!!! They require this type of payment as it is much harder to trace this money.

3) Only Malicious People are gonna encrypt your files and force you to pay to get them back, NEWS: You will lose money but will not get your files back.

4) Popups from ambiguous Domains such as are always scams and only temporary domains till they get caught and shutdown. Some of these ambiguous domains are created by robot networks to deter tracking and bought with stolen money and credit cards.

5) Do not click on any part of these Popups. Shutdown the computer ASAP and have it looked at. You can try turning the computer back on. Sometimes the Popups are just a Popup and try to scare you into calling them for fake repairs. If the Popup is still showing up have your device looked at by someone that can find the hidden files and infection. Not all Virus Protection will detect these actions and many of the malicious files I have found installed will remove or disable virus protection.