'Operating System Blocked Due To Questionable Activity' Pop-Up Scam

While investigating suspicious websites, our researchers came across the "Operating System Blocked Due To Questionable Activity" technical support scam. The primary goal of this deceptive content is to deceive users into calling a counterfeit Microsoft support service to unlock their device and address potential issues.

It's crucial to emphasize that all the information provided by this scam is entirely false and has no affiliation with Windows or its developer, Microsoft. The webpage running this scam disguises itself as Microsoft's official website. When accessed, it inundates the visitor with multiple pop-up windows containing phony threats and issues purportedly affecting the user's device. The scam persistently urges users to call the provided helpline.

The subsequent steps in the scheme can vary once the scammers are contacted. Typically, the victim is asked to grant access to their computer remotely by purported "expert technicians" or "Microsoft support," often using legitimate software like UltraViewer, TeamViewer, or AnyDesk.

Once access is granted, cybercriminals can inflict various types of damage while maintaining the illusion of performing malware removal or other services. For instance, they may disable or uninstall legitimate security tools, install counterfeit antivirus programs, extract sensitive information, or introduce actual malware like trojans, ransomware, or cryptominers into the system.

Potential Abuse of Illegally Obtained User Data

The data that is typically targeted includes login credentials (such as email, social networking, social media, e-commerce, online banking, and cryptocurrency wallets), personally identifiable information (like ID card details and passport scans/photos), and financial data (such as bank account details and credit card numbers).

Victims can be coerced into disclosing this sensitive information over the phone or entering it into phishing files or websites. Stealer-type malware may also be employed for this purpose.

Furthermore, tech support scammers demand exorbitant payments. Criminals often employ hard-to-trace methods for obtaining funds, such as cryptocurrencies, gift cards, prepaid vouchers, or concealed cash sent in packages. Using such methods reduces the likelihood of being pursued by authorities and victims recovering their funds. It's worth noting that successfully scammed victims are frequently targeted repeatedly.

In summary, placing trust in a scam like "Operating System Blocked Due To Questionable Activity" can result in system infections, data loss, severe privacy breaches, substantial financial losses, and even identity theft.

If exiting a deceptive webpage proves difficult, it is advisable to use the Windows Task Manager to terminate the browser's process. When reopening the browser, avoid restoring the previous browsing session, as this would reopen the scam page.