Mac users: Beware of increased tech support scam pop-ups

Mac users: Beware of increased tech support scam pop-ups

Last month, we warned you about a rise in tech support scam pop-ups primarily affecting Windows where severe virus warnings often accompanied with audio cues urge the user to call for emergency tech support.

In a worrying trend, we are now also seeing an increase in similar fake sites targeting Apple users. The modus operandi is exactly the same:

  • stubborn pop-ups that make it almost impossible to close the browser
  • urgent warning to call a toll-free number

Fraudulent tech support companies often based overseas have offered their bogus services to Mac users before as we detailed it in an article last year (Tech Support Scams: Coming to a Mac near you).

After requesting remote control to the machine, the technician will run a scan in the Terminal or perhaps show the Console logs and flag anything in there as a virus or severe infection.

Unfortunately, many Mac users are unprepared for this kind of scams and can be social engineered into paying hundreds of dollars to fix nonexistent problems.

In some cases, you can close the pages normally but other times you can’t. That is because these crooks use JavaScript code to push a new alert window so quickly after you’ve clicked ‘OK’ that you cannot normally exit by closing the window or tab.

code

In the screenshot above the interval is set to 4000 (4 seconds) but other times it is set to 1 second, which is enough to close the warning and see it reappearing right away.

If that happens In OS X, you can force Safari to close (the hard way) by going to the Apple menu and choosing Force quit:

forcequit

 

forcequit2

Interestingly, these fake alerts also work on iOS, as pictured below on an iPhone:

iphone

If you are having trouble getting get rid of such a browser alert by the usual means, you can try the following:

  1. Close the browser application by double clicking the Home button and then swiping the window up
  2. Delete the browser history in Settings>Safari (otherwise the site will be back up next time you launch Safari)
  3. Relaunch Safari

The fight against tech support scammers continues more than ever. They are getting more and more aggressive and using techniques that slowly but surely resemble those used by malware authors.

This is a serious development that should make all of us aware of how dangerous it is to deal with unsolicited calls or calls initiated after seeing such scare pages.

ABOUT THE AUTHOR

Jérôme Segura

Principal Threat Researcher