How to avoid falling for scams like "Apple Security Services"

What kind of scam is "Apple Security Services"?

During our investigation, it has come to our attention that this is a typical technical support scam. The website utilizes deceptive messages in the form of fake warnings to deceive unsuspecting individuals into contacting scammers. It is important to remain vigilant and cautious when encountering such tactics.

More about the "Apple Security Services" scam

This scam involves a deceptive webpage that displays fake warning messages designed to create a sense of urgency and fear among users. The messages falsely claim that the user's MacOS system has been infected with spyware issues, including breaches of email and banking passwords.

The scam prompts users to take immediate action by calling a supposed Apple Security Toll-Free number (+1-844-540-7421) provided on the page. The goal of this scam is to trick unsuspecting individuals into contacting the scammers posing as Apple support representatives.

Possible damage

Once individuals fall for the fake warning messages and contact the provided number, scammers exploit the situation by persuading users to grant them remote access to their devices under the guise of providing technical support. With this access, scammers can steal sensitive personal information, such as passwords, financial data, or even deploy malware (e.g., ransomware).

Moreover, they might demand payment for their supposed services, extorting money from unsuspecting victims under the threat of further harm to their devices or data. A couple of examples of scams where scammers aim to obtain remote access to computers are UltraViewer and TeamViewer scams.

Threat Summary:

Name	Apple Security Services technical support scam
Threat Type	Phishing, Scam, Mac malware, Mac virus
Fake Claim	A computer has been infected with malware
Disguise	Warning from Apple Security
Fake Technical Support Number	+1-844-540-7421
Related Domain	uusa7.z28.web.core.windows[.]net
Detection Names (uusa7.z28.web.core.windows[.]net)	Google Safebrowsing (Phishing), Full List (VirusTotal)
Serving IP Address	20.60.157.68
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, notifications from shady pages, sites associated with rogue advertising networks, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information, computer infections, identity theft, and more.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Similar scams in general

These scams typically employ fear tactics by displaying alarming messages or warnings, such as claims of malware infections or security breaches, to prompt immediate action from users. Also, they request users to contact a provided phone number or click on a link to purportedly resolve the issue, leading victims into engaging with the scammers.

Once contacted, scammers often impersonate legitimate technical support personnel, persuading users to grant them remote access to their computers. This access enables scammers to steal sensitive information, install malware, or extort money from victims under false pretenses.

Examples of similar scams are "AppleCare - Official Security Alert", "Your Apple May Be Not Safe!", and "MacOS Security Center".

How did I open a scam website?

Users frequently encounter scam websites through various means, such as clicking on malicious ads, unintentionally visiting compromised websites, or succumbing to phishing emails that lead them to deceptive pages. Additionally, certain scams exploit search engine optimization manipulation, redirecting users who search for specific keywords.

Furthermore, users may inadvertently access scam websites through notifications received from unreliable sources, including torrent sites, illegal movie streaming pages, and other platforms associated with rogue advertising networks. Adware is another commonly used method for promoting technical support scams and other fraudulent schemes.

How to avoid visiting scam websites?

Exercise caution and skepticism while browsing the internet. Be vigilant when clicking links, especially those embedded in unsolicited emails or suspicious advertisements. Also, do not trust ads, pop-ups, and similar content displayed on shady websites, and do not allow such pages to show notifications.

Furthermore, download apps from official pages or app stores and employ security measures such as antivirus software and ad blockers to protect against malicious websites. Regularly update browsers, other apps, and operating systems. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate all threats.

Appearance of "Apple Security Services" scam (GIF):

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "Apple Security Services"?
• STEP 1. Remove files and folders related to unwanted apps from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Unwanted applications removal:

Remove unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

Frequently Asked Questions (FAQ)

What is a pop-up scam?

A pop-up scam involves the presentation of deceptive messages (offers, warnings, or alerts) on a user's screen. These messages often assert a security threat or offer fraudulent technical support.

What is the purpose of a pop-up scam?

Ultimately, the aim is to manipulate users into actions that favor the scammers, whether by coaxing them into paying for unnecessary services, installing malware, providing remote access to their computers, providing personal information, or participating in other forms of cybercrime.

Why do I encounter fake pop-ups?

Users may find themselves on scam websites through various means, including clicking on malicious ads, visiting compromised websites, or falling prey to phishing emails. Additionally, scammers manipulate search engine results and exploit notifications from unreliable sources and rogue advertising networks to lure unsuspecting users.

Will Combo Cleaner protect me from pop-up scams?

Combo Cleaner can thoroughly scan every website you visit, detecting any potential malicious ones in the process. This includes websites crafted for pop-up scams, guaranteeing immediate warnings, and restricted access to protect users from falling victim to fraudulent schemes.

▼ Show Discussion