Technology
Beware of this McAfee Google Chrome pop-up scam
‘CyberGuy’: Don’t take the bait
Kurt Knutsson provides advice on how to identify safe email links and tips for safeguarding your email account against phishing attacks.
We want to warn you about a scam that you may encounter while browsing the web. A McAfee antivirus pop-up suddenly appears on your computer, claiming your device is infected and your McAfee subscription has expired.
While it might seem legitimate, it’s really a scam. Suzy from Loudon, Tennessee, wrote to us saying she is experiencing the same thing:
“I am attempting to rid my new computer of a pesky McAfee Google Chrome Ad that keeps telling me I am infected with trojan viruses and I have an expired McAfee account with my new computer. I do not have their coverage. Per all my virus coverage, I show no infection; however, this menace keeps popping up even stating in full screen I shall lose my Windows 10 license and wipe my computer clean, etc. I shut my computer down completely… This pest has to go, and I am ready to send this pest to its graveyard – ashes baby!”
Luckily, Suzy, we have a solution to make sure you don’t put your information, finances and security at risk.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
Breaking down the McAfee pop-up scam
The McAfee scam utilizes fear and panic to make you a victim. The goal is to make you act fast. Once you see the pop-up, you see that this pop-up is telling you your computer is infected with viruses and that your McAfee subscription has expired.
First, ask yourself if you even had McAfee software to begin with. This should be the first red flag. The scammers are preying on your fears and counting on you to fall into their trap and click anywhere on the screen. You’re tempted to click the button to proceed and subscribe to what seems like real antivirus software. After all, it uses the McAfee logo — which is synonymous with internet security.
Fake McAfee pop-up (Kurt “CyberGuy” Knutsson)
This scam can take your information using two methods. Sometimes, when you click on a pop-up like the fake one above, it will direct you to a website, asking you to re-subscribe. You enter in your data, thinking you’re getting a real antivirus software. However, in reality, you have just given a scammer your credit or debit card information, address and more.
The scam could also download malicious software once you click an option like, “Proceed,” “Get Protection” or “Scan.” That software is automatically downloaded onto your computer, and hackers can gain access.
There are several ways it can get onto your new computer. You might have downloaded a malicious file or browser extension. It can even get onto your computer if you visit a suspicious website and allow notifications.
MORE: THIS FACEBOOK MESSENGER PHISHING SCAM IS STEALING MILLIONS OF PASSWORDS
Is that a real pop-up on my computer?
No, you might think that these are real alerts from your system or from legitimate websites like McAfee, but they are actually fake pop-ups that are trying to trick you into clicking on them. These pop-ups are not coming from your computer but from a malicious file that has integrated itself into your browser and is displaying images that look like pop-ups. If you click on them, you might end up downloading more malware, giving away your personal information, or paying money for a fake service.
How to protect yourself from the McAfee pop-up scam
If you see these pop-ups appear in your browser, don’t be alarmed. Here’s what to do.
1. Don’t click on suspicious links or pop-ups.
First, whatever you do, don’t click on links or pop-ups that look like they are from legitimate sources like McAfee unless you are absolutely sure it’s legit. As mentioned, these links or pop-ups can lead you to malicious websites or to downloading harmful software onto your computer. To avoid this, you should always check the URL of the link or pop-up before you click on it. If it looks suspicious, do not click on it. You can also hover your mouse over the link or pop-up to see the actual URL. If it does not match the source, do not click on it.
2. Close down your browser
Second, the best way to avoid these pop-ups is to close your browser. You should also avoid reopening the same website or tab that triggered the pop-up, as it may still be compromised or malicious. Sometimes closing your browser is all you need to do. Other times you may see that this pop-up page may come back, so let’s clear out any files that may be in your browser’s cache.
3. Clear Cache
If you see these fake pop-screens appear in your browser again over the course of the day or week, try clearing your cache. Here’s how to do it on your computer:
- On your computer, open Chrome
- At the top right, click the three dots icon
- Tap Clear browsing data
- In the Clear browsing data window, select a time range. To delete everything, select All time
- Next to “Cached images and Files,” check the box
- Click Clear data.
HARVARD DROPOUT BUILDS WEARABLE AI COMPANION THAT HANGS AROUND NECK
Clear browsing data (Kurt “CyberGuy” Knutsson)
You can also clear the cache on your iPhone or Android.
Clear Browsing Data (Kurt “CyberGuy” Knutsson)
4. Remove extensions
If you are seeing these fake pop-ups after you already cleared your cache, let’s try disabling your browser extensions to see if it will solve the problem. Here’s how to do this:
- Open your Chrome browser and click on the three dots icon at the top right corner of the screen. This will open a menu with various options
- From the menu, select Extensions
- Then click Manage Extensions. This will take you to a page where you can see all the extensions that are installed on your browser
GOOGLE FINALLY ADMITS DATA COLLECTION IN CHROME’S ‘INCOGNITO’ MODE
Step to remove extensions in Google Chrome (Kurt “CyberGuy” Knutsson)
- On the extensions page, you will see a toggle switch next to each extension. If the switch is blue, it means the extension is enabled. If the switch is gray, it means the extension is disabled.
- To disable an extension, simply click on the toggle switch and make it gray. You can also click on the Remove button below the extension to uninstall it completely from your browser. For now, let’s just try disabling the extension.
- Repeat this process for all the extensions that you want to disable or remove. You may need to restart your browser for the changes to take effect.
5. Use legitimate antivirus software
Keeping hackers out of your devices can be prevented if you have good antivirus software installed. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links that may install malware on your devices, allowing hackers to gain access to your personal information.
See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices
6. Report the scam
If you encounter this scam or any other scam, you should report it to the authorities so they can take action against the scammers and warn other people. You can report the scam to the Federal Trade Commission (FTC). You can also report it to your local police department or consumer protection agency. By reporting the scam, you can help prevent others from falling victim to it.
MORE: HOW HACKERS CAN SENT TEXT MESSAGES FROM YOUR PHONE WITHOUT YOU KNOWING
What should you do if you’ve clicked a link and installed malware on your device?
If you’ve been hacked, it’s not too late. There are several ways you can protect yourself from hackers, even when they have access to your information.
Scan your device for malware
First, you’ll want to scan your computer with a reputable and legitimate antivirus program. See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices
Change your passwords immediately
If you’ve inadvertently given your information to hackers or malicious actors, they could have access to your social media or banking accounts. To prevent this, you should change your passwords for all your important accounts as soon as possible. However, you should not do this on your infected device, because the hacker might see your new passwords. Instead, you should use ANOTHER DEVICE, such as your laptop or desktop, to change your passwords. Make sure you use strong and unique passwords that are difficult to guess or break. You can also use a password manager to generate and store your passwords securely.
Monitor your accounts and transactions
You should check your online accounts and transactions regularly for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see signs of identity theft or fraud.
Use identity theft protection
The McAfee pop-up scam targets your personal information. Hackers can use this information to create fake accounts in your name, access your existing accounts and pretend to be you online. This can cause serious damage to your identity and credit score.
To avoid this, you should use identity theft protection services. These services can track your personal information, such as your home title, Social Security Number, phone number and email address and notify you if they detect any suspicious activity. They can also help you freeze your bank and credit card accounts to stop hackers from using them. Read more of my review of best identity theft protection services here.
Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you
Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
Restore your device to factory settings
If you want to make sure that your device is completely free of any malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original version. You should back up your important data before doing this and only restore it from a trusted source.
MORE: HOW HACKERS ARE TARGETING X VERIFICATION ACCOUNTS TO TRICK YOU
Kurt’s key takeaways
The McAfee pop-up scam looks to prey on your fears and hopes you panic. It’s important to stay calm when facing hackers and make sure you’re taking the proper precautions. Whenever you download software, make sure it’s from an actual software developer you trust.
Don’t download any software or browser extensions from suspicious sources, or you could be putting yourself at risk. While that’s easier said than done, you should always be vigilant when downloading anything or visiting dubious websites.
Phishing scams like the McAfee pop-up scam are everywhere, but you can easily make sure you’re not a victim. All you have to do is be careful.
Have you seen this scam? If not, how do you protect yourself when you’re using the web? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
Two years ago, the company sold about 5,000 units of the Playground. Last year, that number was roughly 150,000. This year, it’s on track for 600,000. Before its pivot, Nex did about $3 million of annual revenue and wasn’t profitable. This year, the company is projecting more than $150 million of sales and says it’s on pace to finally break even.
NEWYou can now listen to Fox News articles!
Cybercriminals keep getting better at blending into the software you use every day.
Over the past few years, we’ve seen phishing pages that copy banking portals, fake browser alerts that claim your device is infected and “human verification” screens that push you to run commands you should never touch. The latest twist comes from the ongoing ClickFix campaign.
Instead of asking you to prove you are human, attackers now disguise themselves as a Windows update. It looks convincing enough that you might follow the instructions without thinking, which is exactly what they want.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
NEW SCAM SENDS FAKE MICROSOFT 365 LOGIN PAGES
The malware hides inside seemingly normal image files, using steganography to slip past traditional security tools. (Microsoft)
How the fake update works
Researchers noticed that ClickFix has upgraded its old trick. The campaign used to rely on human verification pages, but now you get a full-screen Windows update screen that looks almost identical to the real thing. Joe Security showed how the page displays fake progress bars, familiar update messages and a prompt that tells you to complete a critical security update.
If you are on Windows, the site tells you to open the Run box, copy something from your clipboard and paste it in. That “something” is a command that silently downloads a malware dropper. The final payload is usually an infostealer, which steals passwords, cookies and other data from your machine.
NEW EMAIL SCAM USES HIDDEN CHARACTERS TO SLIP PAST FILTERS
Fake update screens are getting harder to spot as attackers mimic Windows with near-perfect precision. (Joe Security)
The moment you paste the command, the infection chain begins. First, a file called mshta.exe reaches out to a remote server and grabs a script. To avoid detection, these URLs often use hex encoding for parts of the address and rotate their paths. The script then runs obfuscated PowerShell code filled with junk instructions to throw researchers off. Once PowerShell does its work, it decrypts a hidden .NET assembly that functions as the loader.
Why is this attack so hard to detect?
The loader hides its next stage inside what looks like a regular PNG file. ClickFix uses custom steganography, which is a technique that hides secret data inside normal-looking content. In this case, the malware sits inside the image’s pixel data. The attackers tweak color values in certain pixels, especially in the red channel, to embed pieces of shellcode. When you view the image, everything appears normal.
The script knows exactly where the hidden data sits. It extracts the pixel values, decrypts them and rebuilds the malware directly in memory. That means nothing obvious is written to disk. Security tools that rely on file scanning miss it, since the shellcode never appears as a standalone file.
Once rebuilt, the shellcode is injected into a trusted Windows process like explorer.exe. The attack uses familiar in-memory techniques such as VirtualAllocEx, WriteProcessMemory and CreateRemoteThread. Recent ClickFix activity has delivered infostealers like LummaC2 and updated versions of Rhadamanthys. These tools are built to harvest credentials and send them back to the attacker with very little noise.
Once the hidden code loads into a trusted Windows process, infostealers quietly begin harvesting your data. (Kurt “CyberGuy” Knutsson)
7 steps you can take to protect yourself from the ClickFix campaign
The best way to stay protected is to slow down for a moment and follow a few steps that cut off these attacks before they start.
1) Never run commands you didn’t ask for
If any site tells you to paste a command into Run, PowerShell or Terminal, treat it as an immediate warning sign. Real operating system updates never require you to run commands from a webpage. When you run that command, you hand full control to the attacker. If something feels off, close the page and don’t interact further.
2) Keep Windows updates inside Windows
Updates should only come from the Windows Settings app or through official system notifications. A browser tab or pop-up pretending to be a Windows update is always fake. If you see anything outside the normal update flow asking for your action, ignore it and check the real Windows Update page yourself.
3) Use a reputable antivirus
Choose a security suite that can detect both file-based and in-memory threats. Stealthy attacks like ClickFix avoid leaving obvious files for scanners to pick up. Tools with behavioral detection, sandboxing and script monitoring give you a much better chance of spotting unusual activity early.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
4) Use a password manager
Password managers create strong, unique passwords for every account you use. They also autofill only on legitimate websites, which helps you catch fake login pages. If a manager refuses to fill out your credentials, take a second look at the URL before entering anything manually.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
5) Use a personal data removal service
Many attacks start by targeting emails and personal details already exposed online. Data removal services help shrink your digital footprint by requesting takedowns from data broker sites that collect and sell your information. They can’t erase everything, but reducing your exposure means fewer attackers have easy access to your details.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
6) Check URLs before trusting anything
A convincing layout doesn’t mean it is legitimate. Always look at the domain name first. If it doesn’t match the official site or uses odd spelling or extra characters, close it. Attackers rely on the fact that people recognize a page’s design but ignore the address bar.
7) Close suspicious full-screen pages
Fake update pages often run in full-screen mode to hide the browser interface and make the page look like part of your computer. If a site suddenly goes full screen without your permission, exit with Esc or Alt+Tab. Once you’re out, scan your system and don’t return to that page.
Kurt’s key takeaway
ClickFix works because it leans on user interaction. Nothing happens unless you follow the instructions on the screen. That makes the fake Windows update page especially dangerous, because it taps into something most people trust. If you are used to Windows updates freezing your screen, you may not question a prompt that appears during the process. Cybercriminals know this. They copy trusted interfaces to lower your guard and then rely on you to run the final command. The technical tricks that follow are complex, but the starting point is simple. They need you to help them.
Do you ever copy commands from a website without thinking twice about what they do? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
A group of more than 150 parents sent a letter on Friday to New York governor Kathy Hochul, urging her to sign the Responsible AI Safety and Education (RAISE) Act without changes. The RAISE Act is a buzzy bill that would require developers of large AI models — like Meta, OpenAI, Deepseek, and Google — to create safety plans and follow transparency rules about reporting safety incidents.
The bill passed in both the New York State Senate and the Assembly in June. But this week, Hochul reportedly proposed a near-total rewrite of the RAISE Act that would make it more favorable to tech companies, akin to some of the changes made to California’s SB 53 after large AI companies weighed in on it.
Many AI companies, unsurprisingly, are squarely against the legislation. The AI Alliance, which counts
Meta, IBM, Intel, Oracle, Snowflake, Uber, AMD, Databricks, and Hugging Face among its members, sent a letter in June to New York lawmakers detailing their “deep concern” about the RAISE Act, calling it “unworkable.” And Leading the Future, the pro-AI super PAC backed by Perplexity AI, Andreessen Horowitz (a16z), OpenAI president Greg Brockman, and Palantir co-founder Joe Lonsdale, has been targeting New York State Assemblymember Alex Bores, who co-sponsored the RAISE Act, with recent ads.
Two organizations, ParentsTogether Action and the Tech Oversight Project, put together Friday’s letter to Hochul, which states that some of the signees had “lost children to the harms of AI chatbots and social media.” The signatories called the RAISE Act as it stands now “minimalist guardrails” that should be made law.
They also highlighted that the bill, as passed by the New York State Legislature, “does not regulate all AI developers – only the very largest companies, the ones spending hundreds of millions of dollars a year.” They would be required to disclose large-scale safety incidents to the attorney general and publish safety plans. The developers would also be prohibited from releasing a frontier model “if doing so would create an unreasonable risk of critical harm,” which is defined as the death or serious injury of 100 people or more, or $1 billion or more in damages to rights in money or property stemming from the creation of a chemical, biological, radiological, or nuclear weapon; or an AI model that “acts with no meaningful human intervention” and “would, if committed by a human,” fall under certain crimes.
“Big Tech’s deep-pocketed opposition to these basic protections looks familiar because we have
seen this pattern of avoidance and evasion before,” the letter states. “Widespread damage to young people —
including to their mental health, emotional stability, and ability to function in school — has been
widely documented ever since the biggest technology companies decided to push algorithmic
social media platforms without transparency, oversight, or responsibility.”
Reservists’ families protest outside Finance Minister’s home
Ditch sit-ups and crunches — this 5-move standing abs workout will help you build a stronger and more sculpted core
‘Black Rabbit, White Rabbit’ Review: Disqualified for the Oscars, Tajikistan Drama Is an Inviting, Meandering Meta-Narrative
Horvath to Heidenreich on 4th-and-goal leads No. 22 Navy to a 17-16 win over Army
Video: At Least Two Killed in Shooting at Brown University
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Video: At Least Two Killed in Shooting at Brown University
FBI ousts reinstated whistleblower over unauthorized media talks, ‘poor judgment’
EU dismisses Russia’s lawsuit against Euroclear as ‘speculative’
Multiple people shot near Brown University, police say
Inside Minnesota’s $1B fraud: fake offices, phony firms and a scandal hiding in plain sight
-
Alaska1 week agoHowling Mat-Su winds leave thousands without power
-
Texas1 week agoTexas Tech football vs BYU live updates, start time, TV channel for Big 12 title
-
Ohio1 week agoWho do the Ohio State Buckeyes hire as the next offensive coordinator?
-
Washington4 days agoLIVE UPDATES: Mudslide, road closures across Western Washington
-
Iowa6 days agoMatt Campbell reportedly bringing longtime Iowa State staffer to Penn State as 1st hire
-
Miami, FL7 days agoUrban Meyer, Brady Quinn get in heated exchange during Alabama, Notre Dame, Miami CFP discussion
-
Cleveland, OH6 days agoMan shot, killed at downtown Cleveland nightclub: EMS
-
World6 days ago
Chiefs’ offensive line woes deepen as Wanya Morris exits with knee injury against Texans
