No, you're not infected

A reader who wishes to remain anonymous is concerned about a very scary looking website. I attempt to calm the waters.

I used Yahoo to search for something and was sent immediately to the following [redacted] site. I believe my Mac was invaded and don’t know what to do!

First, relax. Your Mac wasn’t invaded, infected, compromised, co-opted, or conquered. If you’d clicked through a few of those dire pop-up warnings you might have been as amused as I was to see a phony Windows Security Alert appear on a Macintosh. What you’ve encountered is termed “scareware”—a scam that attempts to frighten those confronted with these pages into downloading a hunk of software that will allegedly deal with the problem.

The chain of events goes like this: A perfectly legitimate URL is hijacked by the scammers and you’re redirected to the scareware page. That page is designed in such a way that several dialog boxes pop-up, warning you that your computer is infected. Click Cancel and you’ll just get more warnings and an interface that makes it appear like your computer is being scanned. If you fall for the trick and click the buttons necessary to download the offered antivirus software, you’ll pay for a product that is likely a hunk of malware (and I hate to think what happens to your credit card information). This malware is bad for Windows PCs but has no effect on Macs.

Typical scareware warning.

Regrettably, these pages are sometimes difficult to dismiss because the constant pop-up warnings prevent you from leaving. Clicking OK may get rid of the pop-ups so that you can close the window or tab (and no, doing so won't automatically download the software to your Mac), but I faced a situation with my wife’s Mac (who was just concerned as you were) where I had to force-quit Safari to get away from the scareware page.

You can take some comfort in knowing that the search engine folks do their best to weed out this junk and that those who promote it have been—and will continue to be—prosecuted for engaging in such malicious and scammy activities.

Subscribe to the Apple @ Work Newsletter

Comments