Windows Defender Security Center pop-up alert is a tech-support scam that tries to trick people into paying for services they neither need nor actually receive. Most users will have encountered tech-support scams at some point in their online lives. They are the types of scams that display fake virus alerts in the browser and ask users to call fake tech support numbers, hence why they’re known as tech-support scams. The scams are harmless enough as long as users do not call the fake tech-support numbers. But if users engage with these scammers, they may end up becoming victims of fraud and/or have their files stolen.
The way tech-support scams like Windows Defender Security Center work is users get redirected to fake Microsoft websites that display bogus virus alerts. The alerts usually try to scare users into thinking that serious malware is on their computers and that it’s stealing their files. For example, the Windows Defender Security Center pop-up scam claims that the computer has been blocked for security reasons because a “DOSAttack Spyware” malware is present. The malware is supposedly stealing files and information, including email/social media login credentials, banking information, and photos.
The point of tech-support scams is to force users to call the phone numbers they display to supposedly get technical support. However, instead of Microsoft technicians, users who call would be connected to professional scammers. Scammers would make the situation seem very severe in order to scare users and then request remote access to their computers. The scammers would put on a show of fixing the computer if users grant them remote access, as well as steal files/data and set up passwords. For these fake repair sessions, scammers usually demand hundreds of dollars in payment. If users refuse to pay, they harass users. In some cases, scammers set a password for users’ devices. If users refuse to pay the requested sum of money, scammers refuse to give the password.
Scammers usually demand the payments to be made in gift cards. When payments are made this way, victims cannot get a refund or track the scammers. Since these tech support scams are incredibly widespread, shops in the US that sell gift cards display notices warning people about tech support scams. And because a large percentage of victims are the elderly, many cashiers try to help when they notice someone purchasing expansive gift cards. This happens often enough that scammers started coaching victims on what to say when purchasing the gift cards so as not to arouse suspicion.
If you are interested in seeing what a tech-support scam like Windows Defender Security Center looks like, you can find many videos on YouTube of people purposely engaging with scammers, either for educational purposes or just to waste their time. Software engineer Jim Browning has one of the biggest YouTube channels dedicated to educating people and dismantling various online scam call centers.
How do users end up on tech-support scam websites?
Users don’t end up on tech-support scam websites because they want to. Instead, they’re redirected to them. Redirects to scam sites displaying Windows Defender Security Center alerts can happen for a couple of reasons. In most cases, users are redirected by the websites they browse. For example, sites that have pirated content usually trigger random redirects. It’s especially common to get redirected when browsing sites with pornography or pirated content. This is easily preventable by using a reliable adblocker program. Adblocker programs block most intrusive ads, as well as close redirect windows as soon as they open.
It’s also possible for an adware infection to trigger redirects. If adware is at fault, the redirects would happen regularly, even when browsing safe sites. Adware is a pretty minor infection that mostly focuses on exposing users to sponsored/advertisement content. It can install via the software bundling method, which essentially allows it to come attached to free software as an extra offer and install alongside. Because it allows programs to install without users’ permission, it’s quite a frowned-upon method of installation. It’s not uncommon for programs that use it to be detected as potential threats by anti-virus vendors.
The way software bundling works is programs like adware are attached to free software as extra offers. The offers are technically optional but they need to be manually deselected. If users fail to deselect them, the offers install alongside the program they’re attached to without explicit permission. As we said already, the offers are optional but because they’re initially hidden, many users simply do not notice them in time to stop their installation.
When installing freeware, it’s important to choose Advanced (Custom) settings instead of Default. The installation window recommends using Default settings but those settings will hide all offers and permit their automatic installation. If you opt for Advanced settings, all offers will be made visible. Not only will these settings allow you to review what has been added, but you’ll also have the option to deselect everything. We always recommend deselecting all offers because software bundling is a very questionable installation method.
How to recognize tech-support scams
Tech-support scams are very easy to identify for one reason. The fake virus alerts appear in a browser when users get redirected to certain websites. This makes it immediately clear that it’s a tech support scam. Browsers cannot detect malware, nor do they display legitimate malware alerts. Every single virus/malware alert that is displayed in your browser will be a scam. Only trust a reliable anti-virus program to display legitimate virus/malware alerts.
The fake virus alerts and tech-support scams aren’t particularly convincing in general, especially if you have at least some knowledge of computers. The alerts make ridiculous claims like Microsoft blocking a computer for security reasons, or that the company deletes files on infected computers. The alerts are also usually riddled with grammar/spelling mistakes.
Lastly, Microsoft, Apple, and similar companies do not make unsolicited contact with their users. This is why you will never see their customer support phone numbers in their alerts. An alert that displays a phone number will always be fake.