Has an unfamiliar pop-up appeared in your browser? Spread by adware, the “ransomware detected” pop-up and other fake pop-ups are used by cybercriminals to commit fraud.

This article teaches you how to identify and remove fake pop-ups. Read on as we explore:

  • What fake pop-ups are
  • How pop-up scams work
  • Ways to identify fake pop-ups
  • How to remove fake pop-ups
  • Different types of fake pop-ups
  • Protecting against pop-up scams
  • How to prevent fake pop-ups

What are fake pop-ups?

Pop-ups are generated by websites to offer users additional information or guidance (such as how to fill in a form, how to apply a discount code, etc.) However, some can be unwanted or even harmful — these are usually fake pop-ups. In fact, some fake pop-ups are designed to entice you into clicking on a button that redirects you to a fake site. Some pop-ups may also be installed by adware or malware programs.

So, what is the “ransomware detected” pop-up? Like other fake pop-ups, this pop-up displays a false security warning as part of a pop-up scam. Fake pop-ups may appear in your browser (if your browser is redirected by adware) or they may be produced by adware or malware programs installed on your computer.

Adware is something that you may have downloaded accidentally, possibly by clicking on a malicious advert by mistake. Alternatively, adware may have infected your computer through a link in a spam email or an attachment that you opened. Once on your computer, adware automatically displays pop-ups in your browser when you are online. The “ransomware detected” pop-up is one of  many fake pop-ups that can trigger malicious advertising.

Woman biting pencil over laptop in frustration

The message displayed on the “ransomware detected” pop-up may appear similar to this:

Object:

Error #268D3 (Unauthorized access)

Region:

Russia, China, Vietnam

Compromised Information:

1) Facebook Logins

2) Credit Card Detail

3) Email Account login

Action:

Do Not Shut down or Reset Your Computer, Call Security Expert & Scan Your Device & Network Now.

The server reports that it is from Internet Security Damaged !!! WannaCry Ransomware Threat Detected !! Call Microsoft Help Desk: (TOLL-FREE) for Free Checkup.

 

Warning: Your username and password will be sent using basic authentication on a connection that isn’t secure.

If you spot this message, this a fake-pop up and is part of a pop-up scam. Do not respond to it. Instead, follow the adware and fake pop-up removal process outlined in this article.

How do pop-up scams work?

Fake pop-ups, like the “ransomware detected” pop-up, tell users that there is a security threat or technical problem with their computer. They instruct users to call a telephone number specified on the pop-up in order to pay for technical support to resolve this threat.

Cybercriminals use these pop-up scams to make money. They prey on concerned users who want to ensure their computer is secure, extorting money from them to fix problems and resolve threats that do not exist.

To learn more about how pop-up and tech support scams work, read our article on Tech Support Scams.

How to identify fake pop-ups

Now you understand what pop-up scams are, let’s discuss how to spot them. Here are a few ways to identify a fake pop-up:

1) Look for spelling mistakes and unprofessional images

To identify a fake pop-up, look closely at the information being displayed in the pop-up. Are there any spelling mistakes? Do the images look professional?

Poor spelling and grammar and unprofessional imagery suggest that a pop-up is fake.

Man with glasses looking at computer screen with pop-up

2) Compare the pop-up to a legitimate notification

Fake pop-ups may claim to be from your internet security provider. It is important to be able to differentiate legitimate notifications from fake pop-ups.

Familiarize yourself with how legitimate notifications (from the internet security or anti-virus software you use) normally appear. If you use Kaspersky Internet Security, this is how security notifications from us appear.

Getting familiar with how legitimate notifications appear will help you spot a fake pop-up.

If you’re in any doubt, ignore the pop-up and scan your computer using your Internet security product.

3) Try to close your browser

Fake pop-ups may cause your browser to switch to full screen mode. If your browser is on full screen mode and you see a suspicious pop-up, try to minimize or close your browser.

If you are unable to minimize or close your browser, it is likely that the pop-up you are seeing is a scam. Be careful when trying to close or minimize the pop up itself: the minimize and close buttons usually aren’t real. They’re just images of real buttons on a button and by clicking on them you are responding to the pop-up.

4) Verify the phone number

Most fake pop-ups give a phone number and instruct you to call it to resolve a security threat. If the pop-up claims to be from your internet security provider, check the phone number given against the number on the official website.

Another way to verify a phone number is to type it into your search engine. Legitimate company phone numbers can be verified this way. If you cannot find the company the phone number is attributed to, it is likely to be a scam.

5) Remember: we will not demand you call us

While your internet security provider may offer technical support over the phone, they will not demand that you call them — especially not via a pop-up.

Your anti-virus or internet security software does not require you to call anyone in order to work. Threats are normally resolved within the software itself.

If a pop-up is demanding that you call a number in order to resolve a security threat or fix a technical issue, it is likely to be a pop-up scam.

Laptops on a wooden table with a pair of hands

How to remove fake pop-ups

This section explores how to remove tech support scam pop-ups from your browser. If you spot a fake pop-up, you can easily remove it using Kaspersky Anti-Virus.

First, you need to close your browser. If the “ransomware detected” pop-up or another fake pop-up has locked your browser on full screen mode, close your browser using ‘Task manager’.

Click Ctrl+Alt+Del and select ‘Task manager’. Highlight your browser from the list and left click on it. Then, click ‘End task’ to close your browser. When you reopen your browser, ensure that it is set to block pop-up windows and not reopen the last opened page.

To remove the adware causing the “ransomware detected” pop-up and other fake pop-ups to appear in your browser, follow these 10 simple steps:

  • Download and install Kaspersky Anti-Virus
  • Disconnect from internet to prevent further interference from the adware
  • Reboot your computer into
    Safe Mode
  • Delete any temporary files using ‘Disk clean up’
  • Run the on-demand scan in Kaspersky Anti-Virus
  • If adware is found, delete or quarantine the file
  • Reboot your computer
  • Change passwords that you think have been compromised
  • Update your software, browser, and operating system
  • Rescan your computer to check no further threats

Woman using a laptop on the couch

Different types of fake pop-ups

The “ransomware detected” pop-up is one type of fake pop-up. Other fake pop-ups that cybercriminals use as part of pop-up scams include:

“AppleCare renewal” pop-up: This is a pop-up scam that affects Mac users. The fake pop-up tells users there is a problem with their device and to call Apple support on a false number. Users who call may be made to think they need to renew AppleCare and tricked into paying the scammers.

Fake police pop-ups: Some fake pop-ups show messages claiming to be from law enforcement. They may trick users into calling a number to avoid criminal proceedings or give over personal data to help with an ‘investigation’.

Fake email provider pop-ups: Other fake pop-ups may pretend to be from your email provider, luring you to provide passwords or other personal data.

How to protect against pop-up scams

If you spot a fake pop-up, here’s how to avoid being scammed:

  • Do not click on the pop-up
  • Do not call the number of the pop-up
  • Do not give out personal details or payment details
  • Close your browser (using ‘Task manager’ if your browser is locked)
  • Remove the pop-up adware following the steps in the section above

Woman browsing on laptop and sipping coffee

How to prevent fake pop-ups

So, how can you protect your computer from adware and prevent fake pop-ups from appearing? Follow our adware and fake pop-up prevention tips to stay protected:

  • Use anti-virus software or a complete internet security solution. We recommend Kaspersky Total Security
  • Keep your anti-virus and internet security software updated
  • Keep your browser, software and operating system updated
  • Read user reviews and developer descriptions before downloading apps and software
  • Read the permissions that apps and software are asking for to check legitimacy
  • Check apps and software have a reasonable number of downloads
  • Only download apps and software from sites you trust
  • Do not click on unverified links in spam emails, messages or unfamiliar websites
  • Never open attachments in spam emails
  • If using public Wi-Fi, use a secure VPN connection. We recommend Kaspersky VPN Secure Connection
  • Do not insert unknown USB sticks or disks into your computer

Want to avoid becoming the victim of a pop-up scam? Prevent adware and fake pop-ups with Kaspersky Internet Security.

What is the “ransomware detected” pop-up?

Worried about a fake “ransomware detected” pop-up in your browser? Learn how to identify and remove fake pop-ups to keep your computer protected.

Kaspersky Logo