Rogue Antivirus / Tech Support Pop-Up Scam

How This Attack Works

Rogue antivirus scams display fake virus detection pop-ups or browser alerts that mimic legitimate security software. Victims are instructed to call a toll-free number or download a "removal tool" that is actually malware or spyware. Once remote access is granted, attackers steal banking credentials and charge hundreds for fake services.

Red Flags to Watch For

• ✗
  Pop-up or email claims multiple viruses were found in a free unsolicited scan
• ✗
  You are told to call a phone number displayed in the alert immediately
• ✗
  Download prompted is from a site you do not recognize — not Microsoft or your antivirus vendor
• ✗
  Technician asks for remote access software to be installed
• ✗
  Payment for removal service is demanded via gift cards or prepaid debit cards
• ✗
  Alert uses loud sounds or voice narration to create panic

Known Malicious Domains

These domains have been associated with this attack. Never click links going to these addresses.

• virus-detected-alert.comMALICIOUS
• pc-security-scan-now.netMALICIOUS
• windows-error-fix.comMALICIOUS
• free-virus-removal.netMALICIOUS

Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.