Anyone Else seeing more of the old "Scareware" popups all of a sudden?
Posted by MrKixs@reddit | sysadmin | View on Reddit | 33 comments
I haven't seen these since 2010 but I got like 4 reports for them this week. I thought I was having some weird flashback. Old school, full screen hijack with the "You have Virus - Call Microsloft Scamport at 800-555-1212". What's next we going to start having to clean "#1 Great Coupon Toolbar" off of computers again?
VexingRaven@reddit
I got a scareware redirect on Fandom last night. Caught me by surprise because I thought we had stopped allowing ad buyers to run scripts like a decade ago!
InsaneGuyReggie@reddit
Off topic, but my landlady got one of those years ago and charged all of us in the house to pay for the pre-paid visa she bought and gave to the scammers. I got a free Sony Vaio system (a P4 in 2015) though when she threw the computer away. She really thought paying “the FBI” would make that popup go away.
MrKixs@reddit (OP)
I remember that "FBI Virus", That go real big when I was doing "Advanced Computer support" for an ISP. I would get grown men calling in tears thinking they accidently looked at underage "corn" and were going to go to jail or even worse when a guys wife would call in thinkimg her husband was a pervert. It was one of the more fulfilling parts of my job when I would tell them it was a scam and they were not in any trouble. I know of at least 3 marriages I saved and at least 1 guy from offing themselves.
InsaneGuyReggie@reddit
She blamed one of us and threatened to remove our Internet access but she never did. The webpage I saw taking it over said it was copyright strikes and illegally downloading music/movies. I fixed her machine with FreeBSD lol.
You did the Lord’s work letting people know that didn’t come from the actual US Gov’t
MrKixs@reddit (OP)
Ya some of those were heartbreaking. Hearing a grown man sob, (serious uncontrolled panic) thinking his life was over, got me right in the feels. I was just glad that they called me before doing some stupid, I hate to think about the ones that didn't. That virus was truly horrible. Sometimes those calls were funny, like this one lady that got it and knew she did nothing wrong. After I cleared it out, she wanted to know how she got the virus, so I showed her how to look into the browser history. She found out that her new BF was looking up some pretty kinky stuff. Nothing illegal or even shady, but the kind of stuff she wasn't, shall we say, "equipped" for. Her reaction was priceless; I laughed so hard after that call I had to go on break to compose myself.
InsaneGuyReggie@reddit
I just imagined it
KoboldIdra@reddit
Ah yes the 2012 MoneyPak Ransomware, no? I accidentally downloaded that as a kid. Fun time.
CarnivalCassidy@reddit
The fact the people like that can own property and have power over other people's lives is terrifying.
mortsdeer@reddit
I'm getting them via rogue calendar reminders on google calendars. There's probably a setting somewhere to not allow this ...
MrKixs@reddit (OP)
WTF, are these scammers feeling nostalgic or something. What is next Bonzi Buddy and ask.com Toolbars?
KoboldIdra@reddit
Yes, definitely seeing an uptick as of late. Bit odd but it does tend to get people rattled still so i guess it still works. Luckily most of my users have been pretty calm when it happens and we both laugh our asses off about it
meatwad75892@reddit
Antivirus XP 2026 here we go!
baron_vlad@reddit
Turn off the ability of your users to allow notifications from websites.
disclosure5@reddit
This. Whoever designed the browser desktop notification system and let it be enabled by default needs to be taken out to pasture.
OP, this is a simple GPO or Intune policy.
meatwad75892@reddit
Mobile has the same problem. Once a year my dad calls about "weird virus messages popping up on his phone", and it's never actual malware or even garbage apps -- It's always Chrome notifications that he enabled for a garbage website that he inadvertently allowed.
Kindly-Top5822@reddit
dunno if I have set a specific setting but every site that want to send notifications I get asked by firefox if I want the site to allow to send me notifs I thought that was the standard
disclosure5@reddit
Having a browser ask you to click yes is exactly the same as automatically, silently accepting the notification for nearly every end user.
So yeah, you have the "standard", which should turned off as an option for the general population.
Kindly-Top5822@reddit
I think I am a bit oblivious sometimes since I barely have to do stuff for non IT ppl since I work in a ppl with almost only other IT folk
disclosure5@reddit
Yeah, these sort of UX problems vary wildly in their scope between you and I, and say, a legal firm or hospital. Where staff would say "I had to click yes to make it go away" openly telling you they didn't read it, and didn't register that "deny" was an option.
It's the same as phishing to be honest. We talk extensively about how a lack of MFA just invites people to walk into your inbox, but you and I would probably never enter a password into a website hosted on reallymichaelsoft.to in the way 99% of people would.
MrKixs@reddit (OP)
Already writing up the change request for the GPO.
BadAsianDriver@reddit
Had to do this for a user today. A .in domain.
No_Initiative8846@reddit
Me too
MrKixs@reddit (OP)
Same.
allmightybrandon@reddit
Yeah, we’ve had a few recently and in our case it was mostly browser notification permissions plus sketchy ad networks rather than actual malware. Feels very 2009, but still worth checking default browser policies and locking down users’ ability to allow random site notifications.
digitizedeagle@reddit
Sometimes, it occurs when the user visits a less-than-honorable website, which means it may not be a system alert but rather a JavaScript pop-up.
NoTime4YourBullshit@reddit
I can’t wait for a good, old-fashioned pornado. You remember, right? A bunch of porn websites would pop up all over the screen? Just because you mis-typed a URL. Those were the days.
Bring back BonziBuddy!
disclosure5@reddit
I vividly remember taking a call from a leagues club where the entry display had been hit by a pornado.
ahazuarus@reddit
Monthly, not me, users. Not all of a sudden, and not within the confines of the networks I control. Mostly.
TerrificVixen5693@reddit
Super common.
ViciousXUSMC@reddit
Usually it's from someone going to the wrong site for me. Have not really seen an uptick.
fshannon3@reddit
Same here. Every once in a while I'll get a user that gets "attacked" but nothing regular. And even less frequent is one that just completely takes over, doesn't allow Task Manager to even open, so a hard reboot is usually in order (just the quickest route to get them back up and working).
iamLisppy@reddit
Enable Scareware blocker if Edge
funktopus@reddit
I've noticed an increase in them. Had a few in the last couple of weeks.