'ISP Critical Alert' Pop-Ups

The 'ISP Critical Alert' pop-ups are bogus security alerts that are designed to mislead computer users. The 'ISP Critical Alert' pop-ups will try to convince its victims to call fake technical support phone numbers and have been linked to newly created domains for the main purpose of delivering the 'ISP Critical Alert' pop-ups. The 'ISP Critical Alert' pop-ups will use branding associated with some of the most common ISPs in the United States, including Amsio, Spectrum, QuadraNet, MetroCast, and Comcast Xfinity, to make the 'ISP Critical Alert' pop-ups more convincing.

Why You Should Stay Away from the 'ISP Critical Alert' Pop-Ups

The 'ISP Critical Alert' pop-ups are associated with several phone numbers, including 866-475-7161, 844-703-3407 and 800-765-1745. The 'ISP Critical Alert' pop-ups also are linked to Bitcoin mining tools that will use the victim's computer to mine Bitcoin, causing it to slow down by using its resources for cryptocurrency mining. The 'ISP Critical Alert' pop-ups are simple to understand; they are designed to trick computer users into paying for bogus technical support services.

How the 'ISP Critical Alert' Pop-Ups Try to Mislead Computer Users

The 'ISP Critical Alert' pop-ups use Web pages that look legitimate. They will run slowly and affect the victim's computer by running a Bitcoin mining software such as Coinhive. The 'ISP Critical Alert' pop-ups campaign was first observed in January 2018, and there have been numerous domains associated with the 'ISP Critical Alert' pop-ups. The 'ISP Critical Alert' pop-ups will be generated in numerous domains, including the following:

error[.]secure-system[.]site
windows.microsoft.com[.]msf-help[.]info/_help/warning
windows.microsoft.com[.]msf-help[.]info/_microsoft/62
windows.microsoft.com[.]msf-help[.]info/_windows/chr
windows.microsoft.com[.]secure-alert[.]site
windows.microsoft.com[.]secure-sys[.]site
www-h-e-l-p----w-i-n-d-o-w-s---c-o-m----------18fs1uz-microsoft[.]desport[.]services
www-h-e-l-p----w-i-n-d-o-w-s---c-o-m----------adc-microsoft[.]aprimes[.]space

Note that these domains include strings that make it appear as if the 'ISP Critical Alert' pop-ups are connected to Windows or Microsoft in some way. However, there is no connection between the 'ISP Critical Alert' pop-ups and legitimate companies. The 'ISP Critical Alert' pop-ups themselves can be convincing because they will often include data about the targeted computer users, which may include their operating system and Web browser name and version, the IP addresses and geographical location, and alarming messages claiming that the victims' private information has been compromised.

Examples of the 'ISP Critical Alert' Pop-Ups

The websites that have been linked to the 'ISP Critical Alert' pop-ups include the following IP addresses:

104.27.134.98
104.27.135.98
104.27.168.222
104.27.169.222
83.243.40.115

The 'ISP Critical Alert' pop-ups tactic has numerous versions. The following are a couple of versions of this tactic that PC security researchers have observed:

'[ISP name] HAS BLOCKED YOUR PC
Error # 268D3
Call Microsoft immediately at +1-800-765-1745
Do not ignore this critical alert
If you close this page, your PC will be disabled to
prevent further damage to our network.
Your PC alerted us that it has been infected with a virus and spyware.
Call Microsoft: +1-800-765-1745'

'**[ISP name] Warning Alert**
Malicious Spyware/Riskware Detected
Error # 0x86672ee7
Please call us immediately at +1(866)475-7161
Do not ignore this critical alert.
If you close this page, your PC will be disabled to
prevent further damage to our network.
You must contact us immediately, so that our engineers
can walk you through the removal process over the phone.
Please call us in the next 5 minutes to prevent
your computer from being disabled.
Toll Free: +1(866)475-7161'

What Happens When You Call the Phone Number Linked to the 'ISP Critical Alert' Pop-Ups

When gullible computer users call the phone number associated with the 'ISP Critical Alert' pop-ups, the person answering the call will try to gather data about the victims and gain access to the victims' computers. Apart from this, the person on the line will try to convince them to purchase bogus technical support services and fake anti-virus software. This is a hoax, and you should refrain from calling any numbers linked to the 'ISP Critical Alert' pop-ups.