Is Windows Defender Security Center a Scam?
Windows Defender Security Center is an online phishing scam that falls under the category of technical support scams. Scammers use cleverly designed fake pages (that look very similar to genuine Microsoft websites) to scare users into paying money to “remove” the non-existent viruses, or installing a remote control tool, which they pretend to be a program to diagnose a computer. It is important to understand that having access to a computer, scammers can steal private information and personal files, install malware (spyware, ransomware or Trojan horses), make fraudulent purchases.
The scam uses phishing sites disguised as legitimate Microsoft pages. Below are some websites used in this scam: mscarubos.com, dothrakiz.com, 333waxonet.ml, rickyhousing.xyz, markmoisturise.online, ondigitalocean.app, risingsolutions.online, robortcleaning.site, elhiuwf.cf, jonwirch.com.
Here’s an example of a technical support scam disguised as a Windows Defender Security Center:
- Is Windows Defender Security Center a Scam?
- How to Spot Scams That Mimic the Windows Defender Security Center?
The “Windows Defender Security Center” scam in detail
In this case, the scam looks like a legitimate page, as it resembles the official Microsoft Windows website. This page states that “access to this PC has been blocked for security reasons”, the system is infected by a Threat: Trojan Spyware and encourages users to immediately contact Microsoft Support to report this threat, prevent identity theft and unlock access to this device.
Text presented in the scam:
Windows Defender Security Center
Threat Detected: Trojan Spyware
Access to this PC has been blocked for security reasons.
Contact Windows Support: 1-833-242-3843 (Toll Free)
Note: If you think this Notification is by error, report immediately to Windows Support to halt the auto-deletion of files and applications from this computer. As this Computer ID is flagged and is connected over the internet Servers, files and apps deletion may start any moment.
Microsoft Deny Allow
Windows-Defender – Security Warning
** ACCESS TO THIS PC HAS BEEN BLOCKED FOR SECURITY REASONS **
Your computer has alerted us that it has been infected with a Trojan Spyware. The following data has been compromised.
> Email Credentials
> Banking Passwords
> Facebook Login
> Pictures & Documents
Windows-Defender Scan has found potentially unwanted Adware on this device that can steal your passwords, online identity, financial information, personal files, pictures or documents.
You must contact us immediately so that our engineers can walk you through the removal process over the phone.
Call Microsoft Support immediately to report this threat, prevent identity theft and unlock access to this device.
Closing this window will put your personal information at risk and lead to a suspension of your Windows Registration.
Call Microsoft Support: 1-833-242-3843 (Toll Free)
Ignore Run Safe
Technical support scams are designed to abuse users’ trust. Scammers trick users into buying unnecessary software, paying for ‘technical support’, and so on. Under the guise of Microsoft Support, scammers can bring a lot of trouble. For example: steal private information, uninstall legitimate antiviruses and install fake ones, or even malware like trojans, ransomware and spyware.
Technical support scams can be used to gain bank account details, or passwords to personal accounts such as social media and email. The collected data can be used to make fraudulent purchases and unauthorized transfers. Moreover, the criminals can use stolen email addresses and phone numbers to send spam and malspam (spam emails containing malware or links to malware).
In summary, Windows Defender Security Center is a SCAM! The scam can lead to malware infection, loss of personal data, disclosure of confidential information, financial losses and other serious problems.
Examples of such scams
There are a lot of Technical support scams circulating online. Your McAfee Subscription Has Expired, Pirated Windows Software detected in this Computer, Windows Defender – Security Warning, McAfee Tollfree are other examples of tech support scams.
How to Spot Scams That Mimic the Microsoft Windows Defender?
There are always a few details that can give away a scam. Make sure you know what to look out for.
- If something raises suspicion, it’s better not to click on any links and buttons. Fake Windows Defender Security Center pop-ups have malicious intentions, and you should avoid clicking them at any cost. Scammers use them to trick you into installing malware or harvest your personal information.
- The most obvious way how to spot a fake Microsoft Windows Defender Alert is finding inconsistencies in domain names. If the alert claims to be from Microsoft, but but the message contains a domain other than Microsoft.com, it’s probably a scam.
- Copy the Microsoft Windows Defender Alert and search the Internet to see what others say about it.
- If you have the slightest suspicion an alert may be a scam, do not click on the links you see.
- If a pop-up (Windows Defender Security Center) claims that you have a virus and you need to click a link or call to get support, it’s definitely a scam. Be suspicious of alerts that claim you must call or click a link immediately.
|Name||Windows Defender Security Center Scam|
|Type||phishing, scam, fake alerts|
|Fake claims||antivirus is not activated; call the provided number to activate the antivirus license|
|Scammers Phone Numbers||1 855 946-1201, 1 844 771-0955, 1 844 648-5422, 1 866 589-0689, 1 833 552-7132, 1 844 893-2246, 1 833 973-2279, 1 865 484-6972, 1 877 833-7874, 1 877 706-1793, 44 808 169-5196, 1 855 544-2751, 1 866 342-2555, 1 888 432-2294, 1 888 433-1875, 1 207 830-8133, 61 1800 948-128, 1 888 285-0417, 1 888 452-1145, 1 800 796-9874, 1 888 510-9275, 1 802 461-4787, 1 877 227-0608, 1 888 902-1659, 1 888 261-4019, 1 888 6222-9118, 1 844 720-2460, 1 805 386-6120, 1 833 748-6845, 1 805 693-4790, 1 530 522-3318, 1 833 512-0051, 1 833 751-2135, 1 573 768-8205, 1 888 498-7509, 1 888 428-3904, 1 844 465-2217, 1 866 831-4226, 1 888 465-8513, 1 872 813-7941, 1 855 739-6346, 1 844 606-8255, 1 475 897-9374, 1 855 739-4584, 1 844 299-2221, 1 844 914-1546, 1 855 648-2463, 1 901 810-3196, 1 877 337-3958, 1 844 914-1566, 1 877 337-4036, 1 877 303-2944, 1 877 337-3954, 1 877 337-3841, 1 831 215-2056, 1 855 908-6548, 1 844 312-7377, 1 844 620-4171, 1 833 552-7106, 1 844 670-5096, 050 5539-1446, 1 800 595-8702, 1 833 967-5736, 1 866 582-2337, 1 833 465-2487, 1 833 807-1460, 1 855 477-4998, 1 888 200-7295, 1 844 705-2634, 1 855 477-5158, 61 180 088-7765, 1 855 568-2963, 1 855 758-5683, 1 888 236-5787, 1 805 254-0988, 1 844 994-2772, 1 888 230-9149, 1 866 473-0262, 1 888 752-6224, 1 888 526-2520, 1 877 756-9413, 1 844 720-2245, 1 805 409-4201, 1 888 327-7969, 1 888 959-0612, 1 219 359-2146, 1 888 327-7076, 1 844 721-1205, 1 888 261-4338, 1 877 497-6357, 1 888 253-5948, 1 877 675-3505, 1 302 309-8840, 1 808 404-9412, 1 877 290-0008, 1 386 381-1149, 1 833 685-6918, 1 877 675-8404, 61 8 6187-6965, 1 888 350-3498, 1 877 286-8093, 1 877 295-2765, 1 805 500-3769, 64 04 889-3725, 1 855 486-7737, 1 877 566-7751, 1 833 394-1741, 1 808 404-9426, 1 933 994-2229, 1 833 340-4048, 1 888 264-7639, 1 855 569-7383, 1 808 755-3990, 1 855 927-4549, 1 801 471-0525, 1 855 996-4227, 1 833 678-0962, 1 844 257-6305, 1 888 368-8861, 86 09 30-0921, 1 844 649-2227, 1 888 402-8268, 1 844 777-7167, 1 805 262-7054, 1 866 612-2333, 1 802 449-4310, 1 845 766-8693, 1 801 285-0883, 1 833 552-7114, 1 872 813-7881, 1 224 725-4948, 1 800 916-0629, 1 877 713-3860, 1 281 699-6365|
|Associated web-sites||mscarubos.com, dothrakiz.com, 333waxonet.ml, rickyhousing.xyz, markmoisturise.online, ondigitalocean.app, risingsolutions.online, robortcleaning.site, elhiuwf.cf, jonwirch.com|
|Distribution||social engineering attack, fake alerts within visited websites, rogue ad networks, PUPs, adware|
|Damage||serious privacy issues, financial losses, identity theft, additional malware infections|
|Removal||Windows Defender Security Center removal guide|
Where did “Windows Defender Security Center” pop-ups come from?
Usually, such scams are promoted by aggressive and malicious push notifications, shady websites, misleading advertisements, potentially unwanted programs (PUPs) and Adware. Adware is a term that originates from ‘ad software’. In many cases, ‘adware’ is considered by many to be synonymous with ‘malware’. Its purpose is to generate profit for its developer by serving unwanted advertisements to a user while the user is browsing the Internet. These ads are often shown as in-text links, unclosable windows or various offers and deals, push notifications and even fake virus alerts. Adware can work like Spyware, since it sends sensitive information such as searches and trends to advertisers.
Push notifications are originally developed to alert the user of recently published news. Cyber criminals abuse ‘push notifications’ to display unwanted ads. These ads are displayed in the lower right corner of the screen urges users to play online games, visit questionable web-pages, install web browser add-ons & so on.
Here are some examples of the scam notifications:
How to protect against the Windows Defender Security Center scam
To avoid becoming a victim of scammers, it is important to always keep in mind:
- There are no sites capable of detecting security threats.
- Never install software promoted by scam sites and aggressive push notifications, as it can be useless, and besides, it can be dangerous for you and your computer.
- Close the “Windows Defender Security Center” pop-up as soon as it appears on your computer screen. Scammers can prevent you from closing it in various ways. In such cases, close your browser using Task Manager or restart your computer. If the next time you launch the browser, it prompts you to restore the previous session, abandon it, otherwise this scam will reopen on your screen.
- Use an ad blocker when browsing the internet. It can block known scam sites and protect you from scammers.
How to remove Windows Defender Security Center pop-ups
In order to remove scam pop-ups, start by closing any applications and pop ups that are open. If a pop up won’t close, then close your browser (Microsoft Internet Explorer, Google Chrome, Firefox and Edge). If a program won’t close then please restart your PC. Next, follow the steps below.
Remove spam push notifications
As mentioned above, in some cases the source of the Windows Defender Security Center scam is push notifications. You may have accidentally pressed the ALLOW button on one of the scam sites and thus allowed the scammers to send spam notifications to your computer. Below we will show you how to get rid of these notifications.
- Click the Menu button (three dots) on the top right hand corner of the Chrome window
- Select ‘Settings’, scroll down to the bottom and click ‘Advanced’.
- In the ‘Privacy and Security’ section, click on ‘Site settings’.
- Go to Notifications settings.
- Find a scam site and click the three vertical dots button next to it, then click on ‘Remove’.
- Open Chrome.
- In the top right corner, find and tap the Google Chrome menu (three dots).
- In the menu tap ‘Settings’, scroll down to ‘Advanced’.
- Tap on ‘Site settings’ and then ‘Notifications’. In the opened window, locate suspicious URLs and tap on them one-by-one.
- Tap the ‘Clean & Reset’ button and confirm.
- In the top-right corner, click the Firefox menu (three horizontal stripes).
- In the drop-down menu select ‘Options’. In the left side select ‘Privacy & Security’.
- Scroll down to ‘Permissions’ section and click ‘Settings…’ button next to ‘Notifications’.
- Find sites you down’t want to see notifications from, click on drop-down menu next to each and select ‘Block’.
- Save changes.
- In the top right hand corner, click the Edge menu button (three dots).
- Scroll down, locate and click ‘Settings’. In the left side select ‘Advanced’.
- In the ‘Website permissions’ section click ‘Manage permissions’.
- Click the switch under a scam URL so that it turns off.
- Click the Gear button on the top-right corner of the screen.
- When the drop-down menu appears, click on ‘Internet Options’.
- Click on the ‘Privacy’ tab and select ‘Settings’ in the pop-up blockers section.
- Locate a susupicious URL and click the ‘Remove’ button to delete the domain.
- Go to ‘Preferences’ in the Safari menu.
- Open ‘Websites’ tab, then in the left menu click on ‘Notifications’.
- Locate a malicious domain and select it, click the ‘Deny’ button.
Uninstall Adware using Windows Control Panel
In order to remove adware, open Control Panel and check the list of installed applications. For the ones you do not know, run an Internet search to see if they are adware, hijacker or PUPs. If yes, delete them off. Even if they are just a apps that you do not use, then removing them off will increase your computer start up time and speed dramatically.
|Windows 7||Windows 8|
|Windows 10||Mac OS|
Remove scam pop ups from Google Chrome
Another solution to get rid of Windows Defender Security Center pop-ups from Chrome is “Reset Google Chrome settings”. This will disable harmful extensions and reset Chrome settings to default values. Keep in mind that resetting your internet browser will not remove your history, bookmarks, passwords, and other saved data.
Open the Google Chrome menu by clicking on the button in the form of three horizontal dotes (). It will open the drop-down menu. Choose More Tools, then click Extensions.
Carefully browse through the list of installed addons. If the list has the extension labeled with “Installed by enterprise policy” or “Installed by your administrator”, then complete the following guide: Remove Chrome extensions installed by enterprise policy otherwise, just go to the step below.
Open the Chrome main menu again, click to “Settings” option.
Scroll down to the bottom of the page and click on the “Advanced” link. Now scroll down until the Reset settings section is visible, like the one below and click the “Reset settings to their original defaults” button.
Confirm your action, click the “Reset” button.
Remove scam pop-ups from Firefox
If Firefox settings are hijacked by the adware, your web-browser shows the scam pop-ups, then ‘Reset Mozilla Firefox’ could solve these problems. However, your saved bookmarks and passwords will not be lost. This will not affect your history, passwords, bookmarks, and other saved data.
Start the Mozilla Firefox and click the menu button (it looks like three stacked lines) at the top right of the browser screen. Next, click the question-mark icon at the bottom of the drop-down menu. It will display the slide-out menu.
Select the “Troubleshooting information”. If you’re unable to access the Help menu, then type “about:support” in your address bar and press Enter. It bring up the “Troubleshooting Information” page as displayed on the image below.
Click the “Refresh Firefox” button at the top right of the Troubleshooting Information page. Select “Refresh Firefox” in the confirmation dialog box. The Mozilla Firefox will begin a procedure to fix your problems that caused by adware. When, it is done, click the “Finish” button.
Automatic Removal of Adware
The perfect way to scan your computer for adware is to run a manual virus scan of your system with Malwarebytes, Zemana Anti-Malware or Hitman Pro. These malware scanners can find and remove harmful files and applications on your computer or browser. They have malware protection for your computer. These malware removal tools work in combination with the other security features that Windows OS offers.
Use MalwareBytes AntiMalware to remove Adware
Remove adware software manually is difficult and often the adware is not completely removed. Therefore, we recommend using MalwareBytes that will completely remove adware and help you get rid of the Windows Defender Security Center pop-ups. Moreover, this malware removal tool can detect and uninstall PUPs, toolbars and browser hijackers that your computer can be infected too.
- Visit the following page to download MalwareBytes. Save it directly to your Windows Desktop.
Category: Security tools
Update: April 15, 2020
- Once downloading is finished, close all applications and windows on your computer. Open a file location. Double-click on the icon that’s named MBsetup.
- Choose “Personal computer” option and click Install button. Follow the prompts.
- Once installation is finished, press the “Scan” button to scan for adware related to the Windows Defender Security Center scam. This process may take quite a while, so please be patient.
- Once that process is finished, you will be shown the list of all detected items on your PC. Make sure to check mark the items which are unsafe and then click “Quarantine”. After disinfection is finished, you can be prompted to restart your computer.
The following video demonstrates how to use MalwareBytes Anti Malware to remove adware, browser hijackers and other malware.
Use Zemana Anti-Malware to remove Adware
Zemana Anti-Malware is a malware removal tool designed for Windows OS. This utility will help you remove adware, various types of malware (including hijackers and PUPs) from your PC for free. It has simple and user friendly interface. While the Zemana AntiMalware does its job, your PC will run smoothly.
- Visit the page linked below to download the latest version of Zemana for Microsoft Windows. Save it directly to your Desktop.
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
- Once you have downloaded the install file, make sure to double click on the Zemana.AntiMalware.Setup. This would start the Zemana installation on your personal computer.
- Select install language and click ‘OK’ button.
- On the next screen ‘Setup Wizard’ simply press the ‘Next’ button and follow the prompts.
- Finally, once the install is complete, Zemana will run automatically. Else, if does not then double-click on the Zemana icon on your desktop.
- After you have opened the Zemana Anti-Malware, you will see a window as on the image below, just press ‘Scan’ button to detect adware.
- Now pay attention to the screen while Zemana scans your computer.
- When that process is done, Zemana Anti-Malware will display you the scan results. Review the results once the utility has done the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click ‘Next’ button.
- Zemana AntiMalware may require a reboot computer in order to complete the adware removal procedure.
- If you want to permanently delete adware from your personal computer, then press ‘Quarantine’ icon, select all malicious software, adware, potentially unwanted software and other threats and press Delete.
- Reboot your PC to complete the adware removal procedure.
Remove adware and malicious extensions with HitmanPro
If the “Windows Defender Security Center” pop-ups issue persists, run the Hitman Pro and check if your computer is infected by adware. Hitman Pro is a downloadable security utility that provides on-demand scanning and helps remove adware, potentially unwanted software, and other malicious software. It works with your existing anti-virus.
First, visit the following page, then click the ‘Download’ button in order to download the latest version of Hitman Pro.
Category: Security tools
Update: June 28, 2018
Download and use Hitman Pro on your computer. Once started, click “Next” button for scanning your personal computer for the adware software related to the Windows Defender Security Center pop-ups. A scan may take anywhere from 10 to 30 minutes, depending on the number of files on your PC and the speed of your computer. When a malware, adware or PUPs are detected, the number of the security threats will change accordingly. Wait until the the scanning is done..
After the scan is done, Hitman Pro will open you the results.
Review the results once the utility has done the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click Next button.
It will open a dialog box, click the “Activate free license” button to start the free 30 days trial to remove all malware found.
How to stop Windows Defender Security Center pop-ups
By installing an ad blocking program such as AdGuard, you are able to block the Windows Defender Security Center pop-ups, stop autoplaying video ads and remove a huge count of distracting and unwanted ads on web-sites.
AdGuard can be downloaded from the following link. Save it on your Desktop.
Author: © Adguard
Category: Security tools
Update: November 15, 2018
After downloading it, start the downloaded file. You will see the “Setup Wizard” screen as shown in the figure below.
Follow the prompts. When the installation is done, you will see a window as on the image below.
You can press “Skip” to close the install program and use the default settings, or click “Get Started” button to see an quick tutorial that will allow you get to know AdGuard better.
In most cases, the default settings are enough and you do not need to change anything. Each time, when you launch your personal computer, AdGuard will start automatically and stop unwanted ads, block the Windows Defender Security Center scam, as well as block harmful or misleading web-sites. For an overview of all the features of the application, or to change its settings you can simply double-click on the AdGuard icon, that can be found on your desktop.
We hope this article helped you learn more about the Windows Defender Security Center Scam and avoid the scammers. If you have questions or additional information for our readers, please leave a comment.