'Google Security Warning' Scam

'Google Security Warning' Scam Description

Type: Adware

The 'Google Security Warning' scam revolves around the legitimate warnings shown to Google Chrome users when corrupted and untrusted sites are loaded in the browser. Con artists work with Web developers to publish pages that generate fake 'Google Security Warning' pop-ups and aim to direct the user to call a toll-free number and get help. However, the phone lines listed on the 'Google Security Warning' notifications are not operated by certified computer experts. In many cases, the variations of the 'Google Security Warning' scam are run by illicit companies in India that attempt to take advantage of inexperienced users who stumble upon the 'Google Security Warning' notifications. The Web pages that generate the fake 'Google Security Warning' messages feature a code dubbed 'a pop-up loop' that instructs the browser to keep the 'Google Security Warning' pop-up on the screen and prevent the user from leaving and switching tabs. That way, some users may believe the 'Google Security Warning' messages, which read:

'Firewall detecting "suspicious" incoming network connections, we
recommend that you click on "Back to Safety"
Your computer is blocked!
Call now 1800-239-102
Your computer with the IP address [YOUR IP] has been infected by the Trojans Because System Activation KEY
has expired & Your information (for example, passwords, messages, and credit cards) have been stolen. Call the
Windows Help Desk 1800-239-102 to protect your files and identity from further damage.
call Now: 1800-239-102'

Consequently, a call to 800-239-102, and other numbers advertised that way, would connect you to a con artist who will try to sell you a "Premium Technical Support" plan. Before you get to the marketing pitch, the con will try to connect to your machine using a remote desktop tool under the pretext that he/she needs to assess the situation on your end. If you grant remote access, the con artists are very likely to open the SysKey utility on Windows, lock your account and claim that you need to pay a few hundred dollars to have the system unlocked. The technical support agent would make excuses and say that a virus has locked you out, which can be removed with help from an expert that happens to be on your phone right now. Cyber security researchers recommend users surf the Internet using a trusted browser that has the latest updates to minimize the chances of opening a phishing page. AV engines that scan scripts on Web pages may bring up the following detection names in a warning box when you load the 'Google Security Warning' pop-ups:

  • Ransom:JS/TechBrolo.A
  • SupportScam:JS/TechBrolo.A
  • SupportScam:MSIL/Hicurdismos.A
  • Suspicious_GEN.F47V0429
  • Trojan.FakeAlert!8.56B (topis)
  • Trojan/Generic.ASVCS3S.448
  • Win32.Trojan.Rassmd.Auto

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.