

Question: Suspicious Activity Detected - Pop Up Window

I got a pop-up window in Safari about "Suspicious Activity Detected" and that my browser might have been hijacked. It then says I should contact the number listed. Every time I clicked okay, the window keeps returning. I ended up doing a force quit on Safari. I am assuming this is one of those annoying spam deals, no? I am just wondering based on this attached screen shot if that is the case and if anyone else has seen the same window before.


User uploaded file

iMac, OS X Mountain Lion (10.8.5)

Question marked as Helpful

Sep 2, 2014 7:21 PM in response to Carlton Chin

Do not call the number, it's a hoax.

Just in case, check for malware ...



Download and run the adware removal tool here > The Safe Mac » Adware Removal Guide


Easy, safe, and only takes a minute or two.


Reply Helpful (5)

Sep 2, 2014 7:21 PM in response to Carlton Chin

It's a scam. You might want to go through the instructions in the articles below from our fellow Community Support member Thomas Reed:


The Safe Mac » Mac Malware Guide


The Safe Mac - ADWARE REMOVAL


The Safe Mac » Adware Removal Tool


Cheers,


GB


Reply Helpful (3)
Question marked as Helpful

Sep 2, 2014 8:26 PM in response to Carlton Chin

It's not malware. It's a JavaScript scam that only affects your web browser, and only temporarily.

1. Some of those scam pages can be dismissed very easily. Press command-W to close the tab or window. A huge box will pop up. Press the return key and both the box and the page will close. If that doesn't happen, continue.

2. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Security

and uncheck the box marked Enable JavaScript. Leave the preferences dialog open.

Close the malicious window or tab.

Re-enable JavaScript and close the preferences dialog.

3. If the Preferences menu item is grayed out, quit Safari. Force quit if necessary. Relaunch it by holding down the shift key and clicking its icon in the Dock. From the menu bar, select

Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data

to get rid of any cookies or other data left by the server. Open your Downloads folder and delete anything you don't recognize.


Reply Helpful (27)

Oct 9, 2014 4:58 AM in response to Linc Davis

Hi,
I've been experiencing the same problem. I followed all the instructions here but still can't stop the pop-ups. In fact, this command box continues to pop up every time I close it. I tried turning off Wi-Fi but it did not affect the pop-ups. I can't even access my Safari preferences.


Please advise?


Reply Helpful
Question marked as Helpful

Dec 8, 2014 10:31 AM in response to Sharon Langham

The following comes from user stevejobsfan0123.


Occasionally, a browser window may pop up with a scam message. Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus, and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. Most of these scammers, if you actually call the number, will ask you to install software giving them remote control over your computer. Do not do this either. This article will outline the solution to dismiss the pop-up.


Quit Safari

Though you will probably have to quit Safari, you can first try closing the tab by pressing Command + W. Sometimes, however, these pop-ups will not go away by attempting to close the tab, nor by clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.


Relaunch Safari

If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.


This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.


None of this Worked!

If pressing Command + W does not work, and force quitting Safari and restarting the application with the Shift key held down does not get rid of the pop-up you will have to reset Safari. Normally, this can be done by launching Safari, then in the menu bar, going to Safari > Reset Safari. However, most pop-ups of this variety will block access to many of the drop-down menus in the menu bar. You will need to locate a file on the computer and move it to the trash. Make sure you quit Safari first (force quit if necessary).


To start, open Finder. Then press Command + Shift + G, or in the menu bar, select Go > Go to Folder. Type the following file path:


~/Library/Preferences


Look for a file named com.apple.Safari.plist, and drag it to the trash. Then restart your Mac. After it reboots, try launching Safari. A new preferences file should have been automatically created, so no more action is required on your part, and the pop-up should now be gone.


The Source of the Scam

In addition to the FBI scam, there are a few webpages with bogus technical support pop-ups or "security alerts," claiming you have a virus as described earlier. These webpages include but are not limited to:



Reply Helpful (8)
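
An added example, not part of the original post or thread: a shell version of the preferences-file step described above, for when Finder is awkward to reach. It assumes the `~/Library/Preferences/com.apple.Safari.plist` path named in the post; the function name `reset_safari_prefs` and the `.disabled.<timestamp>` suffix are hypothetical, and the file is renamed rather than trashed so the old preferences can be restored.

```shell
#!/bin/sh
# Added example (not from the thread). Moves Safari's preferences file
# aside so Safari creates a fresh one on next launch.
# Usage: reset_safari_prefs [PREF_DIR]
#   PREF_DIR defaults to ~/Library/Preferences, the path given in the post.
# Prints the backup path on success.
# Return codes: 0 moved, 1 no plist found, 2 Safari still running, 3 move failed.
reset_safari_prefs() {
    pref_dir="${1:-$HOME/Library/Preferences}"
    plist="$pref_dir/com.apple.Safari.plist"

    # The post says to quit Safari first; a running Safari could rewrite
    # the file, so refuse to continue while the process exists.
    if pgrep -x Safari >/dev/null 2>&1; then
        echo "Safari is still running; force quit it first." >&2
        return 2
    fi

    if [ ! -f "$plist" ]; then
        echo "No preferences file at $plist; nothing to reset." >&2
        return 1
    fi

    # Rename instead of deleting so the change is reversible.
    backup="$plist.disabled.$(date +%Y%m%d%H%M%S)"
    mv "$plist" "$backup" || return 3
    echo "$backup"
}
```

To undo, rename the printed backup file back to `com.apple.Safari.plist` while Safari is closed.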

Mar 19, 2015 2:33 PM in response to MadMacs0

Mad,


What is the procedure I should follow if I allowed the number that popped up to control my computer for a short period of time via Logmein (support.me)?

While I was on the phone with the person, he briefly explained what the firewall/vault was and netstat on my terminal. Then he asked me to pay for some service. This was when I realized something wasn't right, so I told him I would have to call back after discussing it with my wife. I then saw that the connection via logmein was terminated... Did I get hacked? Or is the scam merely to get you to pay for that service?


Reply Helpful (3)

Mar 19, 2015 6:44 PM in response to TropicFreakDog

TropicFreakDog wrote:


What is the procedure I should follow if I allowed the number that popped up to control my computer for a short period of time via Logmein (support.me)?

Restore from backup taken before the scammer logged into your computer.

Did I get hacked? Or is the scam merely to get you to pay for that service?

Impossible for me to say from where I sit. Only a forensically trained Mac technician would be able to tell you and even they might not be able to give you certainty.


I have not seen any reports of verified hacking, so if I had to guess I'd say they probably would be satisfied with your credit card number, but obviously best to assume you were and take the action necessary to make you comfortable with your computer as it is now.


Reply Helpful