Keyboard.

Cybersecurity Basics:
Recognizing and Avoiding Scams

Don't Fall for Scams

Popup messages warning you about malware are scams.

Bogus malware warning, a scam.

This popup is a scam trying to infect your computer and steal your credit card number. Ignore this bogus "warning"!

Do not click to "download antispyware", do not click to "update Windows antivirus", do not call the phone number.

These are just as bogus as the phone calls claiming to be from Microsoft or your ISP. They want you to install spyware or give them your credit card number.

Hang up on those phone calls. Ignore these popups.

Bogus malware warning, a scam.

This popup is yet another scam trying to infect your computer and steal your credit card number. Ignore this!

Bogus malware warning, a scam.

This popup is also a scam trying to infect your computer and steal your credit card number. Ignore this scam!

How can you clean up?

Close all your browser windows. Make sure to close all of them, it may have also opened a small window that "popped under" an existing window so you don't notice it.

Once in a while it will be worse, it will keep re-opening a new window. Browsers shouldn't do that any more, see the earlier page about updating your software.

If you can't kill off the browser process, on Linux or other UNIX-family operating systems, run whichever of these commands corresponds to the misbehaving browser:

$ pkill chrome

$ pkill chromium

$ pkill firefox 

On Windows, right-click on the task bar, start the Task Manager, and find and terminate the browser processes. Beware: iexplorer.exe is a browser, while explorer.exe is the desktop itself.

Why do these popups appear?

You have looked at a hostile page with your browser. How did that happen?

Maybe you simply wandered into the hostile page. For quite a long time, the forbes.com site for Forbes magazine was hosting ads with hostile content. I'm not sure, it still may be. Look at the Forbes website, and you might be bothered with popup scams.

Maybe the site was hacked, its content replaced with something that tries to trick people with popups

You may have clicked on a link in an email that you thought came from a friend. Many Facebook users connect their entire "Contacts" database to Facebook. Even if you don't use Facebook, someone who knows you may have done this. Attackers "scrape" sites like Facebook to build databases of email addresses and connections between people.

I know someone who apparently only uses Facebook, he doesn't seem to use email. I haven't received an actual email from him for a number of years now. But at least once a week on average, I get an email that appears to be from him.

The "From" field has his name. As for the source address, sometimes it has the username of his actual email account with a number added to the end. Sometimes it's something randomly different. Then it's at some random domain. Here's a screenshot of the list in my Trash folder:

Screenshot of Thunderbird trash folder showing list of similar scam emails.

Looking at those messages, the "From" fields are:
John Kamman <john.kamman313@song.ocn.ne.jp>
John Kamman <john.kamman68@grace.ocn.ne.jp>
John Kamman <info@floridaforextrading.com>
John Kamman <dhoit@waynetownship.net>
John Kamman <tjaros@iyvaa.com>
John Kamman <john.kamman205@song.ocn.ne.jp>
John Kamman <john.kamman465@coffee.ocn.ne.jp>

The Subject is either "Re: to" or "Fwd: for", then my name. The body is simple text, something like:
when you have a few minutes you my want to have a look at this
or: I hope all is well. Just thought you may want to have a look at this
or: Hope you're having a great day. I thought you might appreciate this
or: When you have a minute or two you may want to have a look at this
or: I thought you would appreciate it
or: Just wanted to share what I ran into the other day. You would probably want to have a look
or: When I found this page the other day I though of you. So I decided to share it with you

That is then followed by a URL. Looking at the headers, these messages are sent from IP addresses that have nothing to do with me, the purported sender, or the claimed "From" email address.

Next❯ Be a safe "Road Warrior"