Malware / Spyware

I did visit it, love the robot voice eh 😀

These sites can vary, sometimes they're different for each user, based on where you're located, browser, computer… all sorts of things.

Here, it tried to keep the page open by constantly printing something, which requires a confirmation click, meaning the window/tab can't be closed in some browsers. Additionally, it tried to use FaceTime to make a voice call, doubtless to their fake helpline, who would have talked up near-certain doom which could be avoided by $$ or letting them access my computer or install their software.

Other reports on it suggest that yes, it sometimes will foist phishing or advertising software on visitors.

>>So presumably if 'iMac Backup' was a volume on the EHD, it couldn't be found on the iMac SSD under these circumstances?

That's correct.

Although there's no way the software can run unless you restore it : macOS Sierra: Remove a backed-up item from your backup disk I believe it would be the same in High Sierra.

The fake support website link was still 'live', by the way; but I see that it has been removed now.

You can't be hacked simply by visiting sites like that : only if you install or run some software that they might try to foist on you, or allow a 'telephone support person' to access your computer in order to remove some made-up threat.

File #3 could be a false alarm, or perhaps an email attachment containing what might be a dubious Word document.

#1 & #2 look real enough, but unlikely to have been added recently, or been recently active (assuming that BitDefender is reliable). You say that #2 can't be found : you mean there's no drive named iMac Backup or that it doesn't have backups on it ?.

Uninstall BitDefender. It is not needed and may interfere with the operating systems built in protections. It may also provide false positives which may cause you to take unnecessary and potentially harmful actions.

>>Do you think I'm at risk, given I didn't click / download anything?

No, you're not. Even if something had downloaded automatically, you would need to have opened it manually, or run the application.

Lots of people are fooled though; imagine that website minus the silly voice & looking a great deal like an Apple webpage… add a not too terrible sounding 'reset your Apple ID, we detected unusual activity' message… & many fall for it, starting by handing over their id & password.

Or say, a vital 'Flash' security update; or a 'codec' required for you to view a video, or a 'file viewer' for a pdf document.

Unfortunately, there are 'respectable' 😀 download sites which knowingly bundle adware & worse along with their (usually) genuine downloads, & rely on your reading the small print to opt out of it (even assuming that they take much notice of your wishes).

This is refog : https://www.refog.com/

I have the impression that usually, it's been added by an employer/family/friend/associate rather than some remote hack or malicious software install.

You do have an external with a volume named Seagate Backup Plus Drive right ?

Could it be another volume on that, and isn't showing because it's not connected ?.