Is this a scam?

My husband was using safari watching a youtube video, He put it on pause and opened another safari window to google the person.

and then this window in safari popped up

I closed the window, is there anything else I should check his computer for?

Thanks.

Yes, it’s a scam. I can no longer reach that domain.

Malwarebytes has a free tier that will check your Mac for known malware.

2 Likes

It is 100% a scam. It’s unlikely that it did anything actually harmful to your computer as long as you didn’t click anything else or download something from the page. Just close the window and you should be fine.

It is a scam, and do not click on anything in that window. Apple cannot remotely scan your Mac. Close the browser, then shut the Mac down and wait a few minutes, and then reboot.

1 Like

One other thing to do:

Go into Safari->Preferences->Privacy and search for the URL of the site that triggered the warning. Select it and tap the ‘Remove’ button to remove anything cached from the site and any cookies left.

2 Likes

In addition to what everybody else said, I recommend running an ad blocker. Either as an add-on to your browser or some other mechanism.

Scams like this are often distributed through advertising networks. Some random web site’s ad tells your browser to open a popup window, which presents a scary looking page like this one. If you click on the link, it will try to install malware. Various security mechanisms in your browser and/or macOS should require your approval, but the scammers are expecting that you will give it approval because of the scary web page that claims to be from Apple.

If you are blocking ads, then you probably won’t see the scam at all, since the ad network itself will be blocked.

All this having been said, some telltale signs that this is a scam:

  • You’re viewing a web page. This is a Safari browser window, not an alert from any kind of anti-malware app.
  • Even if you think Apple has some system for scanning and reporting malware through Safari, note that you are not viewing an Apple web site. This page is coming from a system-appstore.com domain. Apple would be using a domain that Apple owns. Probably something under apple.com or icloud.com.
  • The page has bad English. Probably not written by someone who is a native English speaker.
  • The web page is threatening you. Lines like “2 minute 4 seconds remaining before damage is permanent.” sound scary (something you might see in a movie), but make no sense at all. Malware doesn’t publish timers - it just causes damage. And real malware scanners don’t try to scare you into running them.
  • Why is the page asking you to scan for anything if malware was already detected? Again, they’re trying to scare you into acting without thinking.
3 Likes

Pop up scam. Do not click on the button to ‘scan’. Close window and go about your day.

Apple can run remote diagnostics if you want Applecare

@Simon I second the Malwarebytes recommendation. I have them on all my Macs, my iPhone and my iPad Pro. The iPhone app is really great at both blocking and/or highlighting questionable calls. The Mac app is excellent and right on top of things - daily scans and alerts when needed.

Great advice in the other responses here. I’m recommending to my brother that he check this discussion because he is having some issues and really has neither the time nor the tech comfort to know how to respond to the ever changing security issues online brings to us these days. Thank you all!

1 Like

Geez, you are right. I forgot that Apple Care ran diagnostics on my iPhone years ago.

I assume this was some kind of remote-access app where they ran a utility and collected results as a part of investigating a problem you had already reported to them.

I’m sure they didn’t randomly scan your system without your knowledge and then deliver the report by interrupting a web browsing session with a random popup window.

1 Like

There’s this solution hat is lost in the history archives.

I recently did something (don’t know - fat finger maybe) that caused a very ransomware-ish page to open. I force-quit Safari and then held down the Option key to relaunch Safari. Safari launches with no tabs. You can go to History to reopen the good tabs. HTH Mike

1 Like

I consider it good practice to configure web browsers to never automatically re-open windows from a previous session. This way, if you must force-quit the browser, it won’t re-open with the tabs/windows that were causing problems. On Safari (at least on Catalina), here’s the relevant preference:

1 Like

#Recognize and avoid phishing messages, phony support calls, and other scams

https://support.apple.com/en-us/HT204759

Those pop-up virus messages are ALWAYS a scam. They might claim to be from Apple but they’re not. Hysterically, it can even claim to be Microsoft tech support and my Mac clients still fall for it! Sometimes, like in the OP example, if you click on the link it will install some malware.

In a more harmful variation, there’s a phone number to call to speak to a “tech”. The victim usually freaks out because it’s a JavaScript trap that they can’t figure out how to get rid of (it’s actually pretty easy). So they call.

Typically, the “tech” get remote access to your computer, open the system log, and proceed to do very technical scary looking stuff. Then they’ll ask for a credit card number. Ostensibly this is for “lifetime protection”.

Having had maybe a dozen of my clients fall for this over the years, I worry that some sort of keylogger or spyware is being installed, but I think maybe all they’re after is the credit card number. Years ago they only charged a couple hundred dollars. The last incident I heard about it was $2500. Almost always the victims are older people who are pretty insecure about technology anyway.

Scammers that victimize older people really make me especially angry. It sure seems to me like with a trail left from a credit card there should be a means of cracking down on these people.

2 Likes

Now they’re using echecks.

1 Like

This is a newer version of an old scam. No popup in your browser is going to know if your computer is infected, and Apple, or Microsoft, or anyone else won’t either. If you have Malwarebytes scanning, or Intego’s VirusBarrier, which I like better for actual malware, you may get a notification, but not in your browser.