Windows Defender Security Warning

Is Windows Defender Security Warning Real? Scam Explained
One more tech support scam that disguises itself as a notification from Windows Defender

Windows Defender Security Warning is a scam website that says your PC is infected and you should contact Microsoft tech support. It is part of a massive scam that aims at deploying unwanted software to user devices and taking money for solving non-existent problems. It has existed for quite some time and targets users all around the world.

Tech support scams are a rather odious type of online fraud that uses different tricks to lure people into a phone call with a fake support line. Windows Defender Security Warning is one of the most long-lasting approaches for this, and is probably the most widespread, too. I will explain what this scam is, how it works and how to avoid it in the future.

What is Windows Defender Security Warning?

As I’ve said in the introduction, Windows Defender Security Warning is a browser window that you could have seen after clicking on a link on a certain website. It contains numerous smaller windows, which are in fact just images with no interactive content. These windows tell the user that their PC is blocked “for security reasons”. In the background, a robotic audio alert claims the following:

“Important security message! Your computer has been locked up. Your IP address was used without your knowledge or consent to visit websites that contain identity theft virus. To unlock the computer please call the support immediately. Please do not attempt to shut down or restart your computer. That will lead to data loss and identity theft.”

Clicking on any of the site elements – which in fairness may happen accidentally – results in the website switching to full screen, with no obvious way out. The Escape button won’t work, and moving the mouse around the screen won’t help either. If the victim is not aware of key combinations like Alt+F4, Alt+Tab or Ctrl+Shift+Esc, it may look like a trap. That, along with the sound alert, is what should push the user towards following the scam’s guidance and calling the support number.

Typical example of a Windows Defender Security Warning page

As you understand, this is all just a scam that aims at capitalizing on the fear of people who have less knowledge about computer security and computers overall. But let’s have a closer look at how this scam works – there are quite interesting things going on inside.

Windows Defender Security Warning Mechanism Explained

Let’s begin with how the scam starts. The first thing these scammers need, obviously, is to get the user to this Windows Defender Security Warning page. For that purpose, they buy a link placement on a website, usually some dodgy place with pirated movies. After that, any click on the play button, or on the button that skips the ad in the video player, will throw the user to the aforementioned scam site.

The domains that host this scam vary a lot, but usually the URL contains some mention of Microsoft. In some outrageous cases, fraudsters get hosting from Microsoft itself. Below, you can see the list of sites used in this scam campaign:


Once the user is on the site, not much is going on, apart from going full screen and playing the audio message that I’ve mentioned earlier. Its main goal is to push the victim to reach out to “tech support” using the number that is mentioned on the website at least 4 times. The phone call is where the last part of the scam takes place.
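
The page traits described above (Microsoft branding on a host Microsoft does not own, a full-screen request, audio that plays by itself, one phone number shown at least 4 times) can be checked in saved page markup. The following JavaScript is an added example, not code taken from the scam pages or from any vendor; the allowlist, the three-finding threshold, the function names and the sample page are assumptions constructed for illustration.

```javascript
// Added example: triage of saved page markup for the traits described above.
// Allowlist, threshold and sample page are constructed assumptions.
const OFFICIAL_HOSTS = ["microsoft.com", "windows.com"];
const PHONE_RE = /(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}/g;

function isOfficialHost(host) {
  return OFFICIAL_HOSTS.some((d) => host === d || host.endsWith("." + d));
}

// Highest repeat count of any single phone number, normalised to its last 10 digits.
function maxPhoneRepeats(text) {
  const counts = new Map();
  for (const m of text.match(PHONE_RE) || []) {
    const digits = m.replace(/\D/g, "").slice(-10);
    counts.set(digits, (counts.get(digits) || 0) + 1);
  }
  return Math.max(0, ...counts.values());
}

function scoreSupportScam(pageUrl, html) {
  const host = new URL(pageUrl).hostname.toLowerCase();
  const brand = /windows\s+defender|microsoft/i;
  const findings = [];
  // Vendor branding in the URL or markup, served from a host the vendor does not own.
  if ((brand.test(pageUrl) || brand.test(html)) && !isOfficialHost(host)) findings.push("brand-on-foreign-host");
  // Script that can push the tab into full screen (the "no way out" effect).
  if (/requestfullscreen\s*\(/i.test(html)) findings.push("fullscreen-request");
  // Audio that starts without the user asking for it (the spoken alert).
  if (/<audio\b[^>]*\bautoplay\b|new\s+Audio\s*\(/i.test(html)) findings.push("autoplay-audio");
  // The same number shown at least 4 times; numbers baked into images are missed.
  if (maxPhoneRepeats(html) >= 4) findings.push("repeated-phone");
  return { host, findings, likelyScam: findings.length >= 3 };
}

// Constructed sample page (reserved .example host, fictional 555-01xx number).
const SAMPLE_URL = "https://defender-alert.example/index.html";
const NUM = "+1-800-555-0100";
const SAMPLE_HTML = `<title>Windows Defender Security Warning</title>
<audio autoplay loop src="alert.mp3"></audio>
<body onclick="document.documentElement.requestFullscreen()">
<p>Call ${NUM}</p><p>Support: 1 (800) 555-0100</p><p>${NUM}</p><p>${NUM}</p>
</body>`;

console.log(scoreSupportScam(SAMPLE_URL, SAMPLE_HTML));
```

Because the fake alert windows are images, the phone-number check only fires when the number is also present as text in the markup; the script and audio checks do not depend on that.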

The fake support manager will start by instructing the user to download sketchy software that will supposedly make the issue go away. How a program can solve an identity compromise is something they do not explain. Throughout this scam’s existence, the fraudulent support has offered quite a few different programs: SystemKeeper, Driver Updater, Wise System Mechanic and the like. All of them, as expected, are pseudo-effective unwanted programs that will further ask the user to pay for solving a myriad of problems they will inevitably find.

What is the purpose of all this, you’d ask? Money is the short and universal answer. Fraudsters who introduce themselves as tech support managers receive a commission for each user they force to download the software. Developers of this software, in turn, profit from users buying the license. And considering how long-lasting this form of scam is, the money turnover here is pretty substantial.

How to Protect Against Windows Defender Security Warning Scam?

The main advice on protecting against the Windows Defender Security Warning scam and similar schemes is to avoid the websites that initiate this chain. As I’ve said, the majority of redirects to scam websites happen from pages filled with pirated content. That should be just another reason to stay away from such places, on top of the fact that content piracy breaks the law. Moreover, when we talk about pirated software or games, it is also a significant security risk.

Learn what true notifications from security software look like, and what they don’t. Neither Microsoft Defender nor other antivirus/antimalware programs send security notifications in the web browser. None of them ask you to call the support while blocking the computer (or making it look like it is blocked). And, obviously, no official tech support of any security vendor will ever tell you to install questionable third-party software.

Use reliable antivirus software with network protection. To prevent the scam pages from opening, and be sure that your system is safe regardless of any notifications, a solid antivirus is a must. GridinSoft Anti-Malware will provide you with both excellent malware removal and network protection, thanks to its multi-component detection system and hourly updates.


By Stephanie Adlam
