Avoid being scammed by the fake "IOS /MAC Defender Alert"
Written by Tomas Meskauskas on (updated)
What is the fake "IOS /MAC Defender Alert"?
"IOS /MAC Defender Alert" is a technical support scam, promoted on deceptive websites. This scheme targets Apple product users and claims that their devices have been infected. To prevent any damage being caused to the device, users are encouraged to call "Apple technical Support".
This is a scam, and all of the information provided by "IOS /MAC Defender Alert" is false. Additionally, this fake alert is in no way associated with the genuine Apple Inc. company. Few users access these deceptive/scam pages intentionally - most are redirected to them by intrusive advertisements or Potentially Unwanted Applications (PUAs) already infiltrated into the system.
Once a site running the "IOS /MAC Defender Alert" scam is entered, visitors are presented with a pop-up window. The text within the pop-up states that a recently-visited website has infected the user's Apple device with a virus/malware. Shutting down and/or restarting the machine can supposedly result in the system being permanently locked and/or the hard drive being erased.
Furthermore, the device and internet connection have already been blocked to reduce these risks. The pop-up urges users to call the bogus tech support number provided. The message in the background page is practically identically.
The only significant difference being that the fake infection is specified as the "Zepto" virus, although the text further continues to describe the threat as if it has not been identified. Note that no website is capable of detecting threats/issues present on users' devices, and ones promoting the "IOS /MAC Defender Alert" scheme are no exception to this.
Tech support scams abuse users' trust and this abuse can be varied. While the helplines are often presented as "free", they can be very expensive. Yet, this is hardly the only or primary way in which these scams generate revenue. Typically, scammers attempt to gain access to users' devices under the guise of providing technical support.
The initial access can then be employed to infect systems with malware, such as Remote Access Trojans (RATs), which can be used to ensure indefinite and stealthy access/control of the device. Additionally, the scammers' "services" are not free and users are asked to pay for them.
The "fees" are often paid via dubious payment portals, which can gather any information entered into them. Alternatively, scammers can demand difficult/impossible-to-trace digital currencies (e.g. cryptocurrencies, pre-paid vouchers, gift-cards, etc.).
Personal information (e.g. names, addresses, emails, banking account and/or credit card details, etc.) are of particular interest to scammers. They can obtain this data using various methods such as by extracting it from the device and/or hijacked accounts, tricking users' into revealing it, and so on.
To summarize, trusting "IOS /MAC Defender Alert" scam can lead to system infections, financial loss, serious privacy issues and even identity theft.
Aside from force-opening untrustworthy and malicious sites, PUAs have other/additional dangerous capabilities. Unwanted apps within the adware classification enable the placement of intrusive and harmful ads, typically, on any visited website. The delivered advertisements similarly promote suspect web pages, and some can even stealthily download/install rogue software.
Other PUA types called browser hijackers modify browsers in order to promote fake search engines. These promoted web searchers are rarely able to provide valid search results, and so they redirect to Google, Bing, Yahoo and other legitimate search engines. Furthermore, most PUAs monitor users' browsing activity.
They monitor and collect and visited URLs, viewed pages, searched queries, IP addresses, geolocations and personally identifiable details. The gathered data is usually shared with and/or sold to third parties (potentially, cyber criminals). To ensure device/user safety, remove all suspicious applications and browser extensions/plug-ins eliminated immediately upon detection.
Name | "IOS /MAC Defender Alert" pop-up |
Threat Type | Phishing, Scam, Mac malware, Mac virus. |
Fake Claim | User's Apple device is infected and blocked. |
Tech Support Scammer Phone Number | +32 78 25 11 40 |
Related Domains | rika02[.]club |
Detection Names | Kaspersky (Malware), Full List (VirusTotal) |
Serving IP Address | 160.153.131.139 |
Symptoms | Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites. |
Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads. |
Damage | Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information. |
Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
"Warning: Your macOS has expired", "Your Mac is infected with 5 viruses!" and "ZEUS VIRUS DETECTED !!!" are some examples of other scams designed to target Apple product users.
The internet is rife with these schemes. While they make different claims and their mode of operation can differ, the purpose is identical: to generate profit for the scammers/cyber criminals behind them. Therefore, you are strongly advised to exercise caution when browsing.
How did potentially unwanted applications install on my computer?
PUAs are distributed via the download/installation set-ups of other software.
This deceptive marketing technique of packing normal content with unwanted or malicious supplements is called "bundling" Rushing download/installation processes (e.g. ignoring terms, using pre-set options, etc.) increases the risk of unintentionally allowing unwanted and/or dangerous additions into the system. Certain PUAs have "official" download web pages.
Once clicked, intrusive ads can execute scripts to download/install PUAs without users' consent.
How to avoid installation of potentially unwanted applications
Software should be researched before download/installation and/or purchase. You are advised to use only official and verified download channels. Untrusted sources such as unofficial and free file-hosting websites, Peer-to-Peer sharing networks and other third party downloaders must not be used, as they commonly offer deceptive and/or bundled content.
When downloading/installing, it is important to read the terms, explore all possible options, use the "Custom/Advanced" settings and opt-out of additional apps, tools, features, and so on. Intrusive advertisements may seem legitimate, however they can redirect to dubious sites (e.g. gambling, pornography, adult-dating, etc.).
If you experience ads or redirects of this kind, check all devices and immediately remove all suspect applications and browser extensions/plug-ins. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Text presented in the "IOS /MAC Defender Alert" scam pop-up window:
**IOS /MAC Defender Alert **
Dear IOS User, The Website you have recently visited may have downloaded the Malware and Virus on your Apple Mac Device. IOS Defender is Suspicious about your MAC System Security.Please do not try to shut down or restart your computer. Call Apple technical Support Immediately at +32 78 25 11 40 .
It may lock your computer permanantly or erase your hard disk .
Call Apple technical Support Immediately at +32 78 25 11 40 .
Your TCP Connection Was Blocked by Your IOS Security System. Your Mac Device and internet connection has been locked untill we may hear from you to immediately fix this issue.
Call Apple technical Support Immediately at +32 78 25 11 40 .
Screenshot of the "IOS /MAC Defender Alert" scam's background page:
Text presented in this page:
MAC / IOS Defender Alert : Error Code # 0x3e7
Please Do Not Shut Down Or Reset Your Computer .
**Apple Defender Alert **
Zepto Virus Detected In Your System Registry .
Dear IOS User, The Website you have recently visited may have downloaded the Malware and Virus on your IOS system. Apple Defender is Suspicious about your IOS System Security.Please do not try to shut down or restart your computer.It may lock your computer permanantly or erase your hard disk . Your TCP Connection Was Blocked by Your IOS Security System. Your MAC Device and internet connection has been locked untill we may hear from you to immediately fix this issue.
Call Technical Support
Immediately at +32 78 25 11 40
IOS Defender Alert
System Informations
IP : 85.206.10.62
Browser : Safari
Operating System : Mac
User Authentication Required : Call Apple Technical Support Now
+32 78 25 11 40
Appearance of the "IOS /MAC Defender Alert" scam (GIF):
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is "IOS /MAC Defender Alert" pop-up?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for macOS.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for macOS) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.
▼ Show Discussion