Virus Warning Popups — Real or Fake? How to Tell the Difference

You're browsing the web and suddenly a big scary popup appears — flashing red, warning sirens, telling you your computer is infected and you need to call a number immediately. Terrifying, right?

Except most of the time, it's completely fake. These scam popups are designed to panic you into calling a fake "support" number where they'll charge you hundreds of pounds for "fixing" a problem that doesn't exist — or worse, install actual malware on your machine.

In this post I'll show you exactly what fake popups look like, what genuine alerts actually look like, and give you the red flags to watch for so you never fall for one.

What Fake Virus Popups Look Like

These are the most common types of scam popups. If you've seen anything like these — it's fake.

The "Microsoft Security Alert"

This is the most common one. It takes over your whole screen (or fills a browser tab), usually with a red background and alarming text:

Why it's fake: Microsoft themselves say that error and warning messages from Microsoft never include a phone number. The "error codes" are made up. The all-caps screaming is a dead giveaway. And no real alert would mention your banking details — your antivirus has no idea what's in your bank account. (Microsoft's official page on tech support scams)

The "Your McAfee/Norton Has Expired" Popup

This one appears as a browser notification or popup ad, pretending to be from an antivirus brand:

Why it's fake: This appears even if you've never had McAfee installed. Real antivirus software alerts you from inside its own app, not from a website. The discount urgency is a pressure tactic. And the "threats found" claim is completely made up — a website can't scan your computer.

The "Apple Security Warning"

Mac users aren't safe either. This one appears in Safari or Chrome, pretending to be from Apple:

Why it's fake: Apple say that if you see a popup warning about viruses while browsing, it's a scam — ignore it and close the page. Real macOS security warnings appear as standard system dialogs (the grey ones with the traffic-light buttons in the corner). Apple will never ask you to call a phone number. (Apple's official page on phishing and scams)

What Real Virus Alerts Actually Look Like

Now let's look at what genuine security alerts look like. The difference is night and day.

Real Windows Security Alert

Real Windows alerts appear as a small notification from the bottom-right corner of your screen — not in your browser. They come from the Windows Security app (the shield icon in your taskbar). The notification calmly tells you what was found, that it's been quarantined, and gives you a simple "Review actions" button. No phone numbers, no capitals, no drama. See examples on Microsoft's official page →

Real Browser Warning (Google Safe Browsing)

When your browser detects a genuinely dangerous website, it shows a full red page that says "Deceptive site ahead". It names the specific dangerous website, doesn't mention viruses on your computer, and has a simple "Back to safety" button. No phone number, no countdown. It's protecting you from the website — not telling you your computer is infected. See examples on Google's official page →

Real macOS Gatekeeper Alert

Real macOS security alerts are standard grey system dialogs — the kind with the red/yellow/green buttons in the corner. They say things like "AppName can't be opened because Apple cannot check it for malicious software." They name the specific app, give you clear options, and never appear in your browser. Apple will never ask you to call a phone number. See Apple's official guidance on scams →

Red Flags — How to Spot a Fake

Here's a quick checklist. If the popup does any of these, it's a scam:

• It appears in your browser. Real virus alerts come from your antivirus software or operating system, not from a website. If you can see a browser address bar above it, it's fake.
• It gives you a phone number to call. Microsoft, Apple, and antivirus companies don't put phone numbers in virus alerts. Ever.
• It uses CAPITAL LETTERS and exclamation marks. Real security software doesn't scream at you.
• It mentions your banking details or passwords. Designed to scare you. Your antivirus doesn't know what's in your bank account.
• It won't let you close the window. Some fake popups use tricks to prevent you from closing them. Real alerts always let you dismiss them.
• It has a countdown timer or flashing colours. Pressure tactics. Real software gives you time to think.
• It asks you to install something or renew a subscription. Especially from a brand you don't already have. If you don't have McAfee, why is McAfee warning you?
• The error codes look made up. Things like "Error DW6VB36" — these are gibberish designed to look technical and panic you into calling.

Trust Your Operating System, Not Random Websites

Both Windows and macOS have built-in security tools that are always running in the background. These are what you should trust — not a popup from a website you've never heard of.

• Windows 10/11: Windows Security (formerly Windows Defender) is built in, free, and runs automatically. It's genuinely good — for most people, it's all you need. If it finds something, it'll tell you calmly through its own notification system.
• macOS: Apple's XProtect and Gatekeeper work silently in the background. You don't need to install anything extra. If macOS blocks something, it'll do it through a standard system dialog.

If you want to verify something, open the security tool directly — don't click a link in a popup. On Windows, search for "Windows Security" in the Start menu. On Mac, go to System Settings > Privacy & Security.

Don't just take my word for it — here's what Microsoft and Apple themselves say:

• Microsoft: Protect yourself from tech support scams — Microsoft confirm they will never show a phone number in an error message or ask you to call them through a popup.
• Apple: Recognise and avoid phishing and scams — Apple confirm that browser popups warning about viruses on your device are scams.
• Google: Manage warnings about unsafe sites — explains what Chrome's real Safe Browsing warnings look like and how they work.

What to Do If You See a Fake Popup

1. Don't click anything on it. Not even the "X" button — on some scam pages, even that can trigger a download. Instead, close the entire browser tab or window.
2. If it won't close, press Ctrl+Shift+Esc on Windows (or Cmd+Option+Esc on Mac) to open Task Manager / Force Quit, then close your browser from there.
3. Don't call the number. No matter how convincing it looks. The person on the other end is a scammer.
4. Clear your browser data. Go to your browser settings and clear browsing data / cache. This stops the popup from reappearing when you reopen the browser.
5. Run a real scan. Open Windows Security (built into Windows 10/11) or your antivirus and run a quick scan just to be safe.

How to Stop Fake Popups Appearing

If you keep seeing these, here are a few things to check:

• Check your browser notifications. You may have accidentally clicked "Allow" on a notification request from a dodgy site. Go to your browser settings, find Notifications, and remove anything you don't recognise.
• Install an ad blocker. uBlock Origin (free) blocks most scam popup ads before they even load. It's available for Chrome, Firefox, and Edge.
• Keep your browser updated. Modern browsers block a lot of this stuff automatically, but only if they're up to date.
• Be careful where you click. Free streaming sites, pirate download sites, and sites plastered with "you've won a prize" banners are the most common sources of these popups.