Windows Defender Security Warning Scam: How to Respond When Your Computer Appears ‘Locked’

The “Windows Defender Security Warning” scam is a deceptive pop-up that has duped countless computer users. Masquerading as an authentic alert from Microsoft, this bogus message claims your computer is under threat and prompts you to call a listed number. Beware: Microsoft never communicates security threats this way. Those who’ve dialed the number have faced costly fake services, potential data theft, and malware risks. Stay informed and vigilant against such tactics. Dive into this article to understand the specifics and ensure you’re not the next victim.

QUICK LINKS

How the “Windows Defender Security Warning” Scam works
Is the “Windows Defender Security Warning” Real?
How to Identify Such Scams
How to remove “Windows Defender Security Warning” pop-ups

How the “Windows Defender Security Warning” Scam works?

The “Windows Defender Security Warning” scam preys on users’ fears of viruses, data theft, and system vulnerabilities, and it follows a cunning methodology. When a user visits a compromised or malicious website, often without realizing it, they are greeted with a full-screen pop-up that is meticulously designed to mimic a legitimate Windows security alert. This fraudulent message contains alarming statements, such as claims that the computer is infected with high-risk malware or that the user’s personal data is compromised. It uses phrases like “Trojan Spyware” and “Windows Firewall Protection” to seem authentic, coupled with threats about potential breaches to email credentials, banking passwords, and personal files.

Actual Text of the ‘Windows Defender Security Warning’ Scam Popup Message:

Windows-Defender – Security Warning

** ACCESS TO THIS PC HAS BEEN BLOCKED FOR SECURITY REASONS **

Your computer has alerted us that it has been infected with a Trojan Spyware. The following data has been compromised.

> Email Credentials
> Banking Passwords
> Facebook Login
> Pictures & Documents

Windows-Defender Scan has found potentially unwanted Adware on this device that can steal your passwords, online identity, financial information, personal files, pictures or documents.
You must contact us immediately so that our engineers can walk you through the removal process over the phone.
Call Windows Support immediately to report this threat, prevent identity theft and unlock access to this device.
Closing this window will put your personal information at risk and lead to a suspension of your Windows Registration.
Call Windows Support: +1-571-385-1696 (Security Helpline)

OK Cancel

Playing on urgency and fear, the scam emphasizes immediate action. It directs users to call a specific phone number for “support”, warning them that any delay or attempt to close the pop-up can lead to further complications, like data theft or computer lockdown. If someone is convinced enough to dial the provided number, they’re met by scammers pretending to be “technical support agents” from reputed firms, like Microsoft. These fraudsters, armed with technical jargon and confidence, weave a narrative about the critical state of the user’s computer.

Full Text of the ‘Windows Defender Security Warning’ fake alerts:
#1:

Windows Defender Security Center
App: Ads.BrowserObject(2).dll
Threat Detected: Trojan Spyware
Access to this PC has been blocked for security reasons.
Contact Windows Support: +1-571-385-1696 (Security Helpline)
Microsoft

Deny Allow

#2:

Windows Firewall Protection
Microsoft Trojan Spyware Alert – Error Code: #0x898778
Access to this PC has been blocked for security reasons.

Contact Windows Support: +1-(888)-351-4098

Threat Detected – Trojan Spyware
App: Ads.financetrack(1).exe

Run Anyway Back to Safety

As the scam progresses, the so-called “agent” may request remote access to the victim’s computer, falsely claiming it’s to “rectify” the issue. With this access, they can plant malware, siphon off personal information, or even show fake “evidence” of the computer’s compromised state. Their endgame usually revolves around extracting money. They convince the victim to buy unnecessary software or services, or in more direct approaches, ask for payment under the guise of resolving the contrived issues, leading to both monetary loss and a potential for future financial fraud.

Windows Defender - Security Warning - fake system scan

The Windows Defender – Security Warning scam runs a fake system scan

In sum, the “Windows Defender Security Warning” scam is a multi-step ploy that hinges on deception, technical masquerade, and exploiting users’ genuine concerns for their digital safety. Recognizing its tricks is crucial to avoid being ensnared by it or other similar online traps.

Is the “Windows Defender Security Warning” Real?

Despite its official-sounding name and design crafted to mimic genuine Windows notifications, the “Windows Defender Security Warning” alert is a fabrication. While Windows Defender is a real security software integrated into the Windows operating system, it does not display alerts with this specific title or ask users to make phone calls for support.

Here’s how you can differentiate between the scam and authentic alerts:

Genuine Windows Defender notifications do not prompt users to call a specific phone number. Any alert that does so should be considered suspicious immediately.
Authentic alerts typically guide users to actions within the software interface itself, like removing the detected threat, rather than providing external phone numbers or websites.
The fake “Windows Defender Security Warning” often uses alarmist and urgent language, pressuring users to act quickly due to purported risks like data theft or computer lockdown. While real alerts are designed to be informative, they tend to be more measured in their approach.
The scam might have slight differences in design, color scheme, or typography compared to the familiar Windows interface. These can be subtle, but a keen eye can spot inconsistencies.

In conclusion, while Windows Defender does issue real security alerts, the “Windows Defender Security Warning” as described, especially those prompting users to call a specific number, is undoubtedly a scam. It’s essential to familiarize yourself with the appearance and behavior of genuine notifications to avoid falling victim to such deceitful tactics.

Examples of such scams

Scammers are continually coming up with new tactics to deceive unsuspecting individuals, and the “Windows Defender Security Warning” scam is just one example of their deceptive techniques. However, it is important to note that this is not an isolated case. There are numerous scams out there that exploit similar strategies, aiming to trick people into falling for their fraudulent schemes.

Here are some links to examples of similar scams: Virus Has Been Found On Your PC Scam, Your Card Payment Has Failed – McAfee Renew Subscription Scam, and McAfee Virus found (3) Pop-Up Scam.

: McAfee TROJAN Virus/Emotet Detected pop-up on Windows

: Fake “McAfee Potential Viruses (3)” Alert Scam

: Foylosd.xyz McAfee Scam

: Validitysupport.com McAfee Scam

: “Your card payment has failed” McAfee Scam

Origins of “Windows Defender Security Warning” Scam Pop-ups

The “Windows Defender Security Warning” scam pop-ups can come from various sources, including malicious websites, spam emails, or pop-up advertisements. One of the most common methods is through the use of adware, which is a type of software that displays unwanted ads or redirects users to unwanted websites. Adware can be bundled with legitimate software or downloaded unintentionally from the internet.

Another source of these scams is through the use of malicious push notifications, which are notifications that appear on your desktop or mobile device without your consent. These push notifications can be triggered by visiting a malicious website or by downloading a malicious app.

In some cases, scammers use fraudulent ad networks to display fake ads that look like legitimate security warnings, tricking users into clicking on them and installing malware on their computers.

How to Identify Such Scams

Being able to identify scams similar to the “Windows Defender Security Warning” scheme is crucial in protecting yourself from falling victim to online fraud. These scams employ deceptive tactics to instill fear and urgency in their targets, aiming to trick them into divulging sensitive information or falling for fraudulent schemes. By understanding how to identify such scams, you can better protect yourself from falling victim to their deceitful practices.

In this section, we will explore key indicators that can help you spot these scams and take appropriate measures to stay safe in the digital landscape.

Pay attention to the website’s URL and domain name. Scammers often use slight variations or misspellings of legitimate domain names to create fake websites. Double-check the web address for any irregularities or inconsistencies.
Many scam websites have amateurish designs, with low-quality graphics, spelling errors, or poor grammar. Legitimate companies typically have well-designed and professional-looking websites, so be wary of any visual inconsistencies or unprofessional elements.
Scam pages often utilize alarming language and urgency to create a sense of panic. They may claim your device is infected, blocked, or involved in illegal activities, aiming to prompt immediate action. Legitimate companies usually communicate important information through official channels rather than using aggressive pop-ups.
Be cautious if you receive unsolicited pop-ups, emails, or phone calls claiming there is a problem with your device. Legitimate companies generally do not initiate support or security alerts without prior contact from the user.
Scammers may ask for sensitive information such as passwords, credit card details, or social security numbers. Legitimate companies will never request such information through unsolicited contact or suspicious channels.
Check for official verification marks or security indicators on websites. Legitimate companies often display security seals, SSL certificates, or other trust marks to demonstrate their authenticity.
Rely on official support channels provided by reputable companies. Avoid clicking on random links or calling phone numbers displayed on suspicious websites or pop-ups. Use search engines to independently find official contact information and verify its legitimacy.

By being aware of these red flags and adopting a cautious approach, you can effectively identify scams similar to the “Windows Defender Security Warning” scheme. Remember, it is essential to prioritize your online security and protect yourself from falling victim to these deceptive tactics.

Threat Summary

Name	“Windows Defender Security Warning” Scam
Type	Tech Support Scam
Fake claims	Computer is infected with high-risk malware, user’s data compromised, immediate action needed
Fake err	“Trojan Spyware Alert – Error Code: #0x898778”, “Windows Firewall Protection”, “Windows Defender Security Center”
Scammers websites	Example: notification-book-subs.xyz, support-helpline-online-xyz-dot23.info, aycbbcs.tk, ur25bundling.ga, vigorous-driscoll.206-189-132-43.plesk.page; websites vary; typically compromised sites, malicious pop-up ads, or misleading domains posing as official support
Scammers contacts	Example: +1 (571) 385-1696, +1 (888) 351-4098, +1 (888) 608-2509, +1 (877) 768-8844, +1-(888)-351-4098, +1-(833)-930-2284, +1-(805)-510-7708; always changing to evade detection
Distribution	Malvertising, compromised websites, phishing emails, misleading search engine results
Damage	Financial loss, potential identity theft, malware infection, unnecessary software purchases
Indicators of the Scam	Urgency in the message, unsolicited phone number prompts, mismatched graphics, grammar or spelling errors
Prevention Tips	Avoid clicking on suspicious links, keep software updated, install a reputable antivirus, be skeptical of unsolicited pop-ups
Reporting Info	Report to local authorities, Microsoft’s official scam reporting page, and the Federal Trade Commission (FTC)

How to remove “Windows Defender Security Warning” pop-ups

If you have encountered “Windows Defender Security Warning” pop-ups, you should not trust the message and refrain from clicking any buttons or links that appear on the page. Instead, follow the steps below to remove the pop-up and any potential malware from your computer:

The below guide for devices using Windows, for Android phones, use How to remove virus from Android phone, and for Apple computers based on Mac OS use How to get rid of browser hijacker, pop-ups, advertisements from Mac

To remove “Windows Defender Security Warning” pop ups, complete the steps below:

Close the pop-up
Clear your browsing history
Disable push notifications
Scan your computer for malware
Reset your browser settings

Close the pop-up

Closing the pop-up is the first step you should take when dealing with the “Windows Defender Security Warning” scam. Although it may seem like a simple task, some users may find it challenging, especially if the pop-up is designed to be persistent and difficult to close. This step is crucial because it prevents the user from falling into the trap set by the scammers and clicking on any of the buttons or links that can lead to further harm. In this section, we will provide a detailed guide on how to close the “Windows Defender Security Warning” pop-up safely and effectively.

Don’t click on anything within the pop-up as it could lead to further harm.
Look for a small “X” or “Close” button within the pop-up window. Click on it to close the window.
If there is no “X” or “Close” button, try pressing the “Esc” key on your keyboard to close the pop-up.
If the pop-up still won’t close, try opening your computer’s Task Manager by pressing “Ctrl + Shift + Esc” on your keyboard (or “Ctrl + Alt + Delete” and then select “Task Manager”). Find the browser window that the pop-up is in, right-click on it, and select “End Task” to force close the window.

Clear your browsing history

Clearing your browsing history is an important step in removing “Windows Defender Security Warning” pop-ups. These pop-ups often come from malicious websites that can be stored in your browsing history.

By clearing your browsing history, you can get rid of any traces of these websites and prevent the pop-ups from reappearing. In this step, we will walk you through how to clear your browsing history on different browsers.

Open your browser’s settings or options menu. This can usually be accessed by clicking on the three dots or lines in the top right or left corner of the browser window.
Scroll down to the “Privacy & Security” or “History” section of the settings menu.
Click on “Clear Browsing Data” or “Clear History” (the wording may vary depending on the browser you are using).
In the pop-up window that appears, choose the time range for which you want to clear your browsing history (e.g. “Last hour”, “Last 24 hours”, “All time”, etc.).
Make sure that “Browsing history” or “History” is selected as one of the types of data to be cleared.
Click on the “Clear Data” or “Clear History” button (the wording may vary depending on the browser you are using).
Wait for the browser to finish clearing your browsing history. This may take a few moments, especially if you have a lot of browsing data stored on your computer.
Close and restart your browser to ensure that the changes take effect.

Disable push notifications

If you’re experiencing persistent push notifications from websites that are showing “Windows Defender Security Warning” scams, the best course of action is to disable push notifications altogether. Disabling push notifications prevents malicious websites from showing you unwanted pop-ups and alerts, which can help protect your computer from further harm. In this step, we’ll walk you through the process of disabling push notifications in your web browser.

Google Chrome:

Click on ‘three dots menu’ button at the top-right corner of the Google Chrome window.
Select ‘Settings’, scroll down to the bottom and click ‘Advanced’.
At the ‘Privacy and Security’ section click ‘Site settings’.
Click on ‘Notifications’.
Locate the “Windows Defender Security Warning” site and click the three vertical dots button next to it, then click on ‘Remove’.

Android:

Open Chrome.
Tap on the Menu button (three dots) on the top right corner of the screen.
In the menu tap ‘Settings’, scroll down to ‘Advanced’.
In the ‘Site Settings’, tap on ‘Notifications’, locate the “Windows Defender Security Warning” URL and tap on it.
Tap the ‘Clean & Reset’ button and confirm.

Mozilla Firefox:

In the top right corner, click the Firefox menu (three bars).
In the drop-down menu select ‘Options’. In the left side select ‘Privacy & Security’.
Scroll down to ‘Permissions’ section and click ‘Settings…’ button next to ‘Notifications’.
Find “Windows Defender Security Warning”, other suspicious URLs, click the drop-down menu and select ‘Block’.
Click ‘Save Changes’ button.

Edge:

Click the More button (three dots) in the top-right corner of the window.
Scroll down, locate and click ‘Settings’. In the left side select ‘Advanced’.
In the ‘Website permissions’ section click ‘Manage permissions’.
Disable the on switch for the “Windows Defender Security Warning” domain.

Internet Explorer:

Click the Gear button on the top-right corner of the browser.
Select ‘Internet options’.
Click on the ‘Privacy’ tab and select ‘Settings’ in the pop-up blockers section.
Locate the “Windows Defender Security Warning” site and click the ‘Remove’ button to delete the site.

Safari:

Go to ‘Preferences’ in the Safari menu.
Select the ‘Websites’ tab and then select ‘Notifications’ section on the left panel.
Find the “Windows Defender Security Warning” site and select it, click the ‘Deny’ button.

Scan computer for malware

If you have encountered the “Windows Defender Security Warning” scam, it is possible that your computer has been infected with malware. In order to ensure that your system is completely clean, it is important to perform a thorough scan for malware. This will help to identify any malicious files or programs that may be hiding on your computer and remove them to prevent further damage. In this step, we will guide you through the process of scanning your computer for malware using trusted antivirus software.

Malwarebytes is a reputable anti-malware program that can effectively detect and remove adware, potentially unwanted programs and malware. It has a user-friendly interface and offers both free and paid versions, with the paid version offering real-time protection and other advanced features. To use Malwarebytes to remove malicious software, you can download and install the program, perform a scan of your system, and follow the prompts to remove any detected threats.

Visit the following link and download the latest version of Malwarebytes. Once the download is complete, run the installer and follow the instructions to install the program on your computer.

Malwarebytes Anti-malware
327099 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020

Open Malwarebytes and click on the “Scan” button. The program will start scanning your computer for any malware or potentially unwanted programs. Depending on the size of your hard drive, this may take a few minutes to complete.

Once the scan is complete, Malwarebytes will display a list of any threats it has found. Review the list carefully and make sure that all the items are checked for removal. Then, click on the “Quarantine” button to remove the threats from your computer. After the removal process is complete, you may be prompted to restart your computer to complete the process.

Please follow this step-by-step video tutorial to learn how to use Malwarebytes to scan and remove any potential threats from your computer. The video will guide you through the entire process, from downloading and installing Malwarebytes to running a scan and removing any identified threats.

Reset your browser settings

If the “Windows Defender Security Warning” pop-ups persist even after clearing your browsing history, disabling push notifications, and scanning your computer for malware, resetting your browser settings might be the next step to take. Resetting your browser settings can remove any unwanted extensions or changes made to your browser that may be causing the pop-ups to appear. In this step, we will guide you through the process of resetting your browser settings in different popular browsers.

To reset your browser settings in Google Chrome:

Open Chrome and click on the three-dot icon in the top-right corner.
Select “Settings” from the drop-down menu.
Scroll down to the bottom of the page and click on “Advanced”.
Scroll down to the “Reset and cleanup” section and click on “Restore settings to their original defaults”.
Click “Reset settings” to confirm.

To reset your browser settings in Mozilla Firefox:

Open Firefox and click on the three-line icon in the top-right corner.
Select “Help” from the drop-down menu and then click on “Troubleshooting Information”.
Click on the “Refresh Firefox” button in the top-right corner.
Click “Refresh Firefox” again to confirm.

To reset your browser settings in Microsoft Edge:

Open Edge and click on the three-dot icon in the top-right corner.
Select “Settings” from the drop-down menu.
Scroll down and click on “Reset settings”.
Click “Restore settings to their default values”.
Click “Reset” to confirm.

After resetting your browser settings, be sure to check for any remaining suspicious extensions and remove them if necessary.

Conclusion

In conclusion, the “Windows Defender Security Warning” scam and similar deceptive schemes continue to pose a threat to unsuspecting individuals. By understanding the tactics employed by scammers, recognizing the red flags, and taking preventive measures, you can protect yourself from falling victim to these fraudulent schemes.

Remember to be cautious of suspicious pop-ups, unsolicited contact, and requests for personal or financial information. Legitimate companies will not display alarming messages or demand immediate action through aggressive pop-ups. Stay informed about common scams, rely on official support channels, and use reputable security software to safeguard your devices.