Avoid getting scammed by fake "Microsoft Windows Firewall Warning" websites
Written by Tomas Meskauskas
What kind of scam is "Microsoft Windows Firewall Warning"?
While investigating untrustworthy sites, our research team discovered the "Microsoft Windows Firewall Warning" scam. Upon inspection, we determined that it is a technical support scam.
This scheme falsely claims that the user's computer is infected with malware and requires immediate action to be secured. The goal is to trick the victim into calling the supposed helpline, thus entangling them in an elaborate scam.
"Microsoft Windows Firewall Warning" scam overview
When a website running the "Microsoft Windows Firewall Warning" scam is accessed, it displays multiple pop-up windows. The key points made by this hectic page are claims that the user's device is riddled with infections and that a variety of sensitive data is at risk. Throughout the scam, the user is urged to call the provided support line.
As mentioned in the introduction, all this information is false, and the scheme is in no way associated with Windows, Microsoft, or any other genuine entities.
After the fake helpline is called, the scammers continue pretending to be "expert technicians", "Microsoft-certified support", etc. The scam may take place entirely over the phone call. The victim can be tricked into revealing sensitive information, making monetary transactions, downloading/installing malware, and so on.
In most cases, tech support scams require users to allow the cyber criminals remote access to their devices. This is typically achieved using legitimate software, such as AnyDesk, TeamViewer, UltraViewer, etc.
How the scheme progresses after the connection is established may vary, yet all possible routes it might take pose significant threats to the victim.
Threats posed by tech support scammers
When a scammer remotely accesses a victim's device, they may disable or remove genuine security tools, install fake anti-viruses, extract sensitive information, or install malware on the system (e.g., trojans, ransomware, cryptominers, etc.).
Cyber criminals primarily target the following data: personally identifiable details (e.g., name, age, sex, marital status, occupation, home and work addresses, etc.), account log-in credentials (e.g., emails, social networking, social media, e-commerce, online banking, digital wallets, etc.), and finance-related information (e.g., banking account details, credit card numbers, etc.).
The victim may be lured into disclosing the information over the phone or entering it into phishing websites/files. Alternatively, data-stealing malware may be used for this purpose.
Throughout the process, the scammer continues the charade of providing some sort of technical support (e.g., removing "malware", detecting "hackers", etc.). These fake services tend to carry exorbitant fees.
Cyber criminals use difficult-to-trace methods for obtaining funds, e.g., cryptocurrencies, gift cards, cash hidden in innocent-looking packages and shipped, etc. These techniques hinder prosecution and eliminate money recovery options for victims. Note that successfully scammed users are often targeted repeatedly.
In summary, by trusting a scam like "Microsoft Windows Firewall Warning", users can experience system infections, severe privacy issues, financial losses, and even identity theft.
If you have accessed a deceptive webpage and cannot exit it – end the browser's process using Windows Task Manager. When reaccessing the browser, start a new browsing session since restoring the previous one will reopen the scam page.
If you have permitted scammers to access your device remotely – you must first disconnect it from the Internet. Secondly, uninstall the remote access program that the criminals used, as they might not need your permission to reconnect. Lastly, perform a full system scan with an anti-virus and remove all detected threats.
If you believe that your log-in credentials have been exposed – change the passwords of all potentially compromised accounts and inform their official support.
And if you've disclosed your personally identifiable or finance-related information (e.g., ID card details, passport scans/photos, credit card numbers, etc.) – immediately contact the corresponding authorities.
Name | "Microsoft Windows Firewall Warning" tech support scam |
Threat Type | Phishing, Scam, Social Engineering, Fraud |
Fake Claim | Malware infections have been detected on the user's device and their data is at risk. |
Disguise | Microsoft |
Tech Support Scammer Phone Number | +1-844-314-5702, +1-844-324-0015, +33903683647 |
Symptoms | Fake error messages, fake system warnings, pop-up errors, hoax computer scan. |
Distribution methods | Compromised websites, rogue online pop-up ads, potentially unwanted applications. |
Damage | Loss of sensitive private information, monetary loss, identity theft, possible malware infections. |
Malware Removal (Windows) | To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Technical support scam examples
"A Malicious Item Has Been Detected!", "U.S. Securities And Exchange Commission", "Firewall Update Required", and "Threat Service Has Stopped" are just a few examples of tech support scams we have investigated recently.
Aside from claims regarding system infections, other commonly used lures include: outdated software warnings, package shipping issues, product promotions, giveaways, lotteries, and so forth.
The Internet is full of deceptive/malicious content, and it may be competently disguised. Therefore, we strongly advise caution while browsing.
How did I open a scam website?
Online scams are promoted on deceptive webpages, which are seldom accessed intentionally. Users can enter these pages via redirects generated by sites utilizing rogue advertising networks, misspelled URLs, intrusive ads, and installed adware. Spam is also used in scam promotion, e.g., emails, PMs/DMs, SMSes, browser notifications, social media/forum posts, etc.
How to avoid visiting scam websites?
Fake and dangerous online content usually appears legitimate and harmless. For example, while spam browser notifications and intrusive ads may look innocuous – they redirect users to highly questionable sites (e.g., scam-promoting, pornography, gambling, etc.).
We advise against using websites that offer pirated programs/media or other dubious services (e.g., Torrenting, illegal streaming/downloading, etc.), as these webpages typically employ rogue advertising networks. Another recommendation is to pay attention to URLs and type them carefully.
To avoid receiving unwanted browser notifications – do not permit suspicious pages to deliver them (i.e., do not click "Allow", "Allow Notifications", etc.). Instead, ignore or deny notification delivery from such webpages (i.e., select "Block", "Block Notifications", etc.). Be vigilant with incoming emails/messages and do not open attachments/links found in suspect mail.
To prevent harmful/bundled content from infiltrating the device – download from only official/trustworthy sources and treat installations with care (e.g., read terms, explore options, use "Custom/Advanced" settings, and opt out of additional apps, extensions, tools, etc.).
If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate all threats.
Text presented in "Microsoft Windows Firewall Warning" scam pop-up:
Windows Security
Microsoft Windows Firewall Warning !
That server also reports: " Your informaiton is at a Serious risk. Harmful malware infection Debug Malware error (code 0x80093acf). Call immediately to save Hard disk failure & Data loss. This Harmful malware is affecting your online information & can Track Financial Activity. @ +33903683647 TollFree".
The appearance of "Microsoft Windows Firewall Warning" pop-up scam (GIF):
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware.
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com.
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lure that cybercriminals use. They are used to collect sensitive personal data and to trick Internet users into calling fake tech support numbers, subscribing to useless online services, investing in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to make their rogue pop-up windows look trustworthy; however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won, it is likely a scam.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
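The characteristics above can be turned into a simple text heuristic, for example in a web filter or when triaging reported pages. The following is an added example, not code from this article's authors: the indicator patterns, weights, threshold and misspelling list are illustrative assumptions, and the sample input is an excerpt of the pop-up text quoted earlier on this page.

```python
import re

# Excerpt of the pop-up text quoted earlier on this page (typos are the scam's own).
SCAM_TEXT = ('Windows Security. Microsoft Windows Firewall Warning ! '
             'Your informaiton is at a Serious risk. Harmful malware infection '
             'Debug Malware error (code 0x80093acf). Call immediately to save '
             'Hard disk failure & Data loss. @ +33903683647 TollFree')
# Constructed benign text for contrast (a normal contact page).
BENIGN_TEXT = ('Contact our sales team at +1-555-010-0199 during business hours. '
               'Microsoft 365 plans are listed on the pricing page.')

# (name, weight, pattern). Weights are illustrative assumptions, not tuned values.
INDICATORS = [
    ("phone_number", 2, re.compile(r"\+?\d[\d\s().-]{8,}\d")),
    ("call_to_action", 2, re.compile(
        r"\bcall\s+(?:\w+\s+){0,3}?(immediately|now|support|helpline)", re.I)),
    ("urgency", 1, re.compile(
        r"\b(immediately|serious risk|data loss|at risk|urgent)\b", re.I)),
    ("device_scan_claim", 2, re.compile(
        r"\b(malware|virus|trojan|spyware)\b.{0,40}\b(infection|detected|error)\b", re.I)),
    ("fake_error_code", 1, re.compile(r"\b0x[0-9a-f]{6,8}\b", re.I)),
    ("vendor_disguise", 1, re.compile(
        r"\b(microsoft|windows (security|firewall|defender))\b", re.I)),
]
# Small constructed list; a real filter would use a spell-checker dictionary.
MISSPELLINGS = {"informaiton", "recieve", "securty", "imediately"}

def score_page(text, threshold=5):
    """Return (score, matched indicator names, is_suspicious) for page text."""
    hits = [(name, w) for name, w, rx in INDICATORS if rx.search(text)]
    if set(re.findall(r"[a-z]+", text.lower())) & MISSPELLINGS:
        hits.append(("spelling_mistake", 1))
    score = sum(w for _, w in hits)
    names = [n for n, _ in hits]
    # A phone number or vendor name alone is normal on legitimate pages, so
    # flag only when a number appears together with an infection/scan claim.
    suspicious = (score >= threshold and "phone_number" in names
                  and "device_scan_claim" in names)
    return score, names, suspicious

if __name__ == "__main__":
    for label, text in (("scam", SCAM_TEXT), ("benign", BENIGN_TEXT)):
        print(label, score_page(text))
```
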
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases, scam pop-ups may be hard to close; in such cases, close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use a reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit the Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows). Cyber criminals could have planted trojans, keyloggers, and other malware, so don't use your computer until possible threats have been removed.
- Help other Internet users: report Internet scams to the Federal Trade Commission.
Frequently Asked Questions (FAQ)
What is a pop-up scam?
Pop-up scams are messages intended to deceive users into performing specific actions. To elaborate, victims may be enticed into calling fake support lines, allowing scammers to access devices remotely, disclosing sensitive information, making monetary transactions, purchasing products, subscribing to services, downloading/installing software, etc.
What is the purpose of a pop-up scam?
Pop-up scams aim to generate revenue. Scammers profit primarily by obtaining funds through deception, selling or abusing private data, promoting content, and proliferating malware.
Why do I encounter fake pop-ups?
Pop-up scams are primarily promoted through websites that use rogue advertising networks, misspelled URLs (typosquatting), spam (e.g., emails, DMs/PMs, browser notifications, social media/forum posts, etc.), intrusive advertisements, and adware.
I cannot exit a scam page, how do I close it?
If it is impossible to exit a scam webpage – end the browser's process using Task Manager. Note that restoring the previous browsing session will reopen the deceptive page. Hence, start a new session when reaccessing the browser.
I have allowed cyber criminals to remotely access my computer, what should I do?
If you have permitted cyber criminals to access your device remotely – firstly, disconnect it from the Internet. Secondly, remove the remote access software used (e.g., UltraViewer, TeamViewer, etc.), as the criminals may not need your consent to reconnect. Lastly, perform a full system scan with an anti-virus and remove all detected threats.
I have provided my personal information when tricked by a pop-up scam, what should I do?
If you have provided your log-in credentials – immediately change the passwords of all possibly exposed accounts and inform their official support. However, if the disclosed information was of a different personal nature (e.g., ID card details, credit card numbers, etc.) – contact the appropriate authorities without delay.
Will Combo Cleaner protect me from pop-up scams and the malware they proliferate?
Combo Cleaner is designed to detect and eliminate all manner of threats. It is capable of scanning visited sites for deceptive/malicious content. Hence, should you enter such a webpage – you will be warned immediately, and further access to it will be blocked. Furthermore, Combo Cleaner can detect and remove practically all known malware infections. Keep in mind that running a complete system scan is crucial since sophisticated malicious programs usually hide deep within systems.