We often get asked how to tell a real alert (from Windows, Apple, anti-virus, etc.) from a fake alert. While hackers are always advancing their trade to improve their success rates, the following general rules apply when you are presented with a sudden “alert” or pop-up window.
A real alert:
- Will include the vendor logo, vendor product name, and details on the problem. For example, a Symantec anti-virus alert will show the Symantec logo and detail which scan found which specific issue.
- Will discuss what HAS been done, not what YOU must do.
A fake alert:
- Will mix vendors. For example, refer to the fake alert shown in this post, which an ESG client received recently. This alert mixes Chrome (a Google product) with Microsoft.
- Will call for YOU to immediately do something. For example, it will often ask you to call a number or click a link.
- Will sometimes use poor spelling or grammar.
- Will attempt to increase your stress level by insisting action must be taken immediately.
So what do you do if you get a fake alert? If possible, close the browser immediately. Save everything you are working on, and reboot. If you cannot see the normal browser window or the fake alert fills the whole screen, press and hold the power button on your system. This will power down your system, losing any unsaved work (but you have been saving your documents often, right?). If the alert returns when you reboot, please CONTACT US at ESG immediately.
In some cases the fake alert will create a fake “close” button. Be wary of these. If you cannot see your normal windows, do not click around at random; instead, use the “hold the power button” method from above. Also, in some cases an alert might be from ransomware. If you were opening a file when you received the alert, use the “hold the power button” method from above, make a mental note of which file this occurred on, and contact us for help.
Figure 1 – Example of fake alert. Note the mixed vendors, call for action, urgent wording, and questionable grammar.