Online security

20 February 2020

Pop-ups - beware of viruses!

“Congratulations, you are the 10 millionth visitor. You have won an iPhone 11!”

As you’re using the internet, you’re interrupted by a pop-up or unexpected window showing a message such as: “You’ve won!” or “Your phone has been infected with a virus!”. You’re then asked to click on the message to find out more. Don’t be fooled – these notifications are fraud!

Why do they work?

Studies on web user behaviour have shown that by suddenly interrupting an activity, these pop-ups stop people from taking the time they need to work out that they’re being scammed. In other words, the fact that these windows suddenly appear while we’re concentrating on doing something makes us less able to spot the danger. It’s easier to make a mistake when we are focused on something else. 

Cybercriminals are all too aware of this, and nowadays prefer using SMS phishing – where pop-ups appear on your phone screen – to email phishing scams.


The different types of fake pop-ups

“Congratulations, you’ve won!”

This is the easiest fake message to spot. You never played, but you’ve won! As pleasant as that may seem, don’t be fooled, because in the end...you’re bound to lose!


“Your device has been infected with a virus – act now!”

This message is particularly worrying, especially when it appears full-screen on your phone. Try not to react too quickly and press the indicated buttons. Only an antivirus can alert you to any infections on your device. Have you got an antivirus installed? Can you see your antivirus’ logo displayed on the message? If the answer is no, just close your web browser and reopen in. The fake alert will disappear.


“An update is available, install it now”

This alert might seem logical. It’s not unusual to get a message on your device to let you know an update is ready to be installed. But how can you tell the difference between a real update and a fake? Unfortunately, it’s not always easy.

The best thing to do is to let your device install updates on its own (automatically). That way, you’ll never have to think about whether the invitation that has just popped up on your screen is fake or not, as your device is configured to only install updates from known publishers.

You can still see if there’s an update ready for installation by going into the programme. If you’re not sure, ask someone you know.


How should you deal with a fraudulent notification?

  • Golden rule: never click on an invitation in a hurry.

  • Never click on a pop-up if it makes a noise, is animated, or seems to show a very serious/important message. Programme publishers never communicate like this. These techniques are only used by hackers, and their sole purpose is to frighten you.

  • Check for yourself (by opening the program that needs updating or by asking someone you know).