Scam Alert: What You Need to Know About Pop-Up Phishing

Jan 22, 2026

As your managed IT services provider, IT Solutions wants to raise awareness of the latest scams and tactics that may put your data and company assets at risk. One common tactic is pop-up phishing, a type of social engineering attack criminals use to trick people into giving up access to their computers, their payment information, or both.

Pop-up phishing is a tech support scam where fake security alerts appear in your browser and try to scare you into calling a number, clicking a link, or downloading software. The safest response is to close the window and contact your trusted IT support team instead. 

What Is Pop-Up Phishing?

Pop-up phishing involves fraudulent messages that “pop up” for users when they are surfing the web. In many cases, cybercriminals infect otherwise legitimate websites with malicious code that causes these pop-up messages to appear when people visit them. 

The content of these messages is what makes them so effective. Often, they present the unsuspecting website visitor with some kind of fraudulent warning—typically about the security of their computer or account. Then they either: 

  • Prompt the visitor to download a “necessary tool” to fix the problem, such as an antivirus application, which turns out to be malware itself, or
  • Instruct the visitor to call a fraudulent phone number for “support,” connecting them to scammers posing as legitimate technicians. 

This latter tactic has become especially common in tech support scams, where attackers try to scare users into granting remote access or paying for fake support services. 

An Example: “AppleCare Renewal”

Recently, a user consulted with us—thankfully, just in time—about what ended up being a pop-up phishing scam. While browsing the web on his MacBook Pro, this user encountered a pop-up message alerting him that there was a problem with his computer. Conveniently, the scammers behind the message provided a phone number for the user to call. 

Concerned, he did. 

The “Apple support representative” on the other end of the line prompted the user to establish a remote connection so the representative could diagnose the issue. Sure enough, the scammer was able to show the user that his AppleCare had expired and told him that he needed to renew it to the tune of $499. He then helped the user navigate to a web page where he could put in his credit card number to purchase the renewal. 

Of course, the payment page was a fraud. Thankfully, the user stopped at this point and reached out for help. The scammers did not install malware on his computer during their remote session, although they certainly could have.

What made this scam so convincing was that the scammers were able to show the user that his AppleCare subscription really was expired (side note: this wasn’t actually a problem, given the age of the laptop). This helped them establish credibility, which made the pop-up phishing scam all the more convincing. 

Rules for Avoiding Pop-Up Phishing Attacks

So, what can businesses do to keep their employees from falling for this kind of scam? While technical safeguards (like secure browsing controls and endpoint protection) can certainly reduce exposure, employees are still vulnerable to social engineering attacks, wherein criminals rely more on deception and human vulnerability than high-tech hacking to trick users into giving up money or information. 

To avoid pop-up phishing, don’t trust urgent browser alerts about infections or account problems. Avoid clicking inside the pop-up, don’t grant remote access, and report anything suspicious to your IT or security team right away. 

The answer, then, is raising awareness and giving employees clear guidelines for how to interact with messages they may see pop up on their computer. Here’s a list of rules to start with: 

  • Expect to see fraudulent pop-ups. Even if you have antivirus installed on your computer, you will likely encounter fraudulent pop-up messages on some websites. This usually doesn’t mean your computer is infected, but rather that the website you’re visiting is compromised or serving malicious ads.
  • Distrust urgent pop-up warnings. In general, distrust pop-up messages on websites—especially if they claim to have found issues with your computer or urge you to act immediately. A legitimate IT support group will not rely on random website pop-ups to alert you to problems.
  • Never give remote access to unknown parties. Never give anyone remote access to your computer unless you know who they are, trust them, and the session was initiated through a known, legitimate support channel.
  • Verify directly with the vendor or your IT team. If you’re ever in doubt about the legitimacy of a message you’ve seen from a vendor, contact that vendor directly (look up their official contact information instead of using what’s shown in the message) or, even better, contact your internal IT support team or your managed IT services provider.
  • Report incidents quickly. Encourage employees to take screenshots, close the browser if possible, and report suspicious pop-ups promptly. Early reporting gives your IT or security team a better chance to block similar attacks and educate other users. 

Need Help Improving User Awareness and Protection?

Pop-up phishing and tech support scams target busy, well-intentioned people who are just trying to get work done. A combination of solid technical controls and ongoing user education is the best way to reduce your risk. 

If you’d like help strengthening your defenses—through security awareness training, better endpoint protection, or incident response planning—IT Solutions’ Cybersecurity Services Team can work with you to design a program that fits your environment and budget. 

Frequently Asked Questions

  • How is pop-up phishing different from regular phishing emails?
    Pop-up phishing starts in the browser, using fake alerts or warnings on websites to scare users into acting. Traditional phishing usually arrives by email or text. Both are forms of social engineering, but pop-up phishing can feel more urgent because it appears while users are actively working online. 
  • Do pop-up phishing attacks only affect desktop and laptop computers?
    No. While many pop-up scams target desktop and laptop browsers, similar tactics can appear on mobile devices—especially through in-app browsers or malicious ads. Mobile users should be just as cautious about unexpected alerts and should close suspicious pages instead of interacting with them. 
  • Are Mac users safer from pop-up phishing than Windows users?
    Mac users are just as likely to encounter pop-up phishing and tech support scams, often branded with Apple logos or references to AppleCare. These scams target people, not just operating systems, so the same rules apply: distrust unsolicited pop-ups and verify any issues through official Apple channels or your IT team. 

 
