The Windows Antivirus Scam is On the Loose Again

By | January 23, 2019

The Windows Antivirus Scam is On the Loose Again

Quite a few years ago, there were many Windows antivirus scams, most of them targeting Microsoft Security Essentials users (Windows 7).

Well, the old scam has been resurrected by the online hooligans. We just ran into it again as it popped up during a visit to Weather.com. 

While this scam has been updated, it’s the old trickery. It attempts to scare you into buying an update for Windows Defender. Don’t be tricked into clicking the “Renew” button. Windows Defender is free and is pre-installed on all Windows 10 computers. Updates are free and come via Windows Update.

We’re going to show you what the new Windows antivirus scam looks like, so you’ll recognize it when you see it. It shows up disguised to look as if it’s coming from your computer. It’s not. It’s just a redirect Web page. The first image makes it appear that it’s scanning your computer.

Cloudeight Keeping You Safe
Screenshot above: Old scam, old trick, new look.

When the scan is completed, it always tells you that your computer is infected with 5 viruses and urges you to click the “Renew now” to download the update to prevent you from losing data and even your identity. This is pure garbage. Don’t believe it.

Screenshot below: Animation always discovers 5 viruses on victims’ computers and warns of dire consequences if victims don’t click the “Renew Now” button – but don’t you dare click it!  Notice the title bar says “Windows Defender Security Center” – I don’t think so, Mr. Scammer!

Cloudeight Keeping You Safe

And if you try to backspace or use your back-button to back away from this page, you’ll see a different image for the same scam. Notice the this scam ad shows that your antivirus just happened to expire today. That’s because the page is running a date script that acquires today’s date from the victim’s computer.  If you see this version of the Windows antivirus or Windows Defender scam, it will always show you that your antivirus expired on the date you happen to see. You’re warned and informed:  Don’t be fooled.

Cloudeight Keeping You Safe

Victims who are tricked into clicking the “renew” button are directed to an online store where they can purchase the “update”. However, when users get to the store, they’ll be downloading a fake antivirus program which is useless malware, and it’s not an update for anything.

If you see this scam, look in the browser’s address bar and you’ll see it is a Web page. The ad we saw today came from from hindowsappcenter.securitys-shieldsv.pw. The domain is “securitys-shieldsv.pw”. What does that even spell?

A few years back, the .pw domain was known as a haven for spammers.  It looks like the .pw domain is back again.

Here’s what Wikipedia says about the .pw domain:

.pw is the country code top-level domain for Palau. It was originally delegated to the Pacific island nation of Palau in 1997. It has since been redelegated a number of times, most recently[when?] by Directi, a group of businesses operating registrars among other Internet-related services, who rebranded it as the Professional Web. From March 25, 2013, domains under the .pw TLD are available to the general public.

Symantec released two reports in April and May 2013 claiming that domains under .pw TLD were a significant source of spam e-mail.[2][3] In July 2013 the registry announced that they had passed the 250,000 registration milestone within the first three months, after having 50,000 registered domains in the first three weeks…(Source: https://en.wikipedia.org/wiki/.pw )

Don’t be tricked by this scam. Windows Defender is free and comes pre-installed on all Windows 10 computers. Updates are free and come via Windows Update.

Be prepared, not scared. If you see this fake ad, just close the browser tab. No special tricks needed to close this one.

6 thoughts on “The Windows Antivirus Scam is On the Loose Again

  1. Charlotte Mitchell

    This isn’t the only Microsoft scam going on right now. Yesterday I received a phone call from “Microsoft” stating that the warranty on my computer had expired and if I didn’t renew it right away everything would be shut down and I could no longer use my computer. By the way, I didn’t answer the call, but listened to the voice mail message, erased it, blocked the number, AND my computer is still working fine! Keep warning people – too many panic and fall for these schemes. Thanks for all you do!

    Reply
  2. Susan Kazimerczak

    Thank you for this timely warning.
    We need to be informed about these things
    Thanks so much for all you do.
    Susan

    Reply
  3. Dawn Campbell

    The scammers are running rampant these days! I am so thankful all of it goes to my spam!! Well, most of it. I don’t believe anything these days without I just NOT open it and then go to the legitimate site to check.

    Reply
  4. Bernadette McCallum

    I received a scam message on MSN that was similar. Yup 5 viruses but no scanning and it froze the whole page. I had to use Task Manager to shut down computer.

    Reply
    1. infoave Post author

      There are literally thousands of different email scams. A spam email can’t freeze your computer unless you click on a link in the email. So, not sure what scam you saw, but the one in our article is on a web page that opens while you’re reading a different, sometimes legitimate page.

      Can you give us more details about how you got this message?

      Reply
  5. Pat Pittman

    The email came from Louise Strom Finance Team (Help line 1-725-877-0844) I hope this will help.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *