I got an email that said my system had been detected as having been infected by 32 viruses. When I run a scan of my PC with Windows Defender, however, it reports nothing. What’s going on?
You are correct to be skeptical and props for running your own anti-virus software, rather than trusting a handy “run scan” button or link in what is in fact a scam email. It’s worse than a scam, however, because this kind of email message is actually intended to infect your computer so that the malicious senders can then scan your content, utilize your computer in what’s known as a botnet, and much worse.
It all seems so legit, though: an email that warns you that your smartphone or computer appears to have malware and offers a free scan to help remedy the situation. But why would you trust a stranger to “scan” your computer, particularly given that they’ve already ostensibly done so? (And how did they do that? Answer: they didn’t.)
Let’s have a closer look so you can understand how to avoid being scammed.
EMAIL: YOUR SYSTEM IS INFECTED!
The latest wave of email spam appears to be tapping into people’s appreciation of enumerated lists. We don’t get email saying “you have a virus” but instead “you have 17 viruses” or “you have (32) viruses”. Does that make it more trustworthy and believable? Not to me.
Still, who wouldn’t be concerned when an email like this appeared in their inbox?
Kinda looks a little bit legit, until you look more closely. For example, the sender is “@looseverage.com”. What’s that? It sure isn’t Google. It also talks about a “sim card” but I’m reading this email on my Mac system, so there’s definitely no phone or SIM card available. Plus, SIM cards are read-only so you can’t actually have an infected SIM card, but that’s another story!
When I click on “Learn more”, I actually get an error message:
There’s also this second domain: blinkpressur.com? Again, it’s not Google. In fact, one sign of a spammer or scam is that the domain name keeps changing as it bounces you around the Web to try and hide its origin. As soon as you see a single questionable or weird domain, close that window!
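The two domain checks described above, written out as a small script. This is an added example, not something from the original article: the sample message is constructed (only the two domain names come from the article), and the brand allowlist and the function names `registrable` and `review` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the claimed brand legitimately sends from.
BRAND_DOMAINS = {"google": {"google.com"}}

# Constructed sample message; only the two domains appear in the article.
SAMPLE = """\
From: Google Security <alert@looseverage.com>
To: reader@example.com
Subject: Your system is infected with (32) viruses
Content-Type: text/html

<p>Threats were found on your sim card.</p>
<a href="http://looseverage.com/learn">Learn more</a>
<a href="http://blinkpressur.com/check">Security Check</a>
"""

def registrable(host):
    """Naive last-two-labels domain (assumption: no multi-part TLDs such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def review(raw):
    """Return findings for sender/brand mismatch and links that leave the sender domain."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.rpartition("@")[2])
    # Decode every non-multipart part so base64 or quoted-printable bodies are covered.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    links = {registrable(urlsplit(u).hostname or "")
             for u in re.findall(r'href=["\']([^"\']+)', body)}
    findings = []
    claimed_text = (display + " " + msg.get("Subject", "")).lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed_text and sender not in domains:
            findings.append(f"claims {brand} but sent from {sender}")
    for domain in sorted(links - {sender, ""}):
        findings.append(f"link leaves sender domain: {domain}")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A clean result does not mean a message is safe; the script only automates the "look at the domains" habit for the sender and the links in the body.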
HOW TO REMOVE VIRUS (OR ADD ONE)
Okay, I’m going to do what you should never do, just so you can see what happens: I’m going to click on “Security Check”.
Good news! My browser protects me from a dumb choice. In Microsoft Edge I see this error:
And in Chrome I get this:
In both cases the system is acting as a safety net to protect me from my own poor decision here.
I’m going to proceed anyway, and after a few more bounces I end up seeing this:
It “scans” (that is, it appears to show a progress indicator that, of course, isn’t doing anything at all other than just trying to trick you). Once the “scan” is done, surprise, surprise, it offers a free download to “remove” the identified security problems:
28? Didn’t we start out with 32 threats identified? What happened to those other four threats?
More seriously, a click on “Fix Now” will result in malware being downloaded and installed on your computer or mobile device. Do Not Click on the button (but you shouldn’t have gotten to this point anyway).
So that’s it, that’s how these scams work. They never scanned your system to start with; they’re just playing on our fears that our computers have malware. If you are concerned, use a reputable anti-malware tool like Microsoft Windows Defender to make sure your device is clean. Good luck and be careful out there!
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!