Articles & Columns » Mac Q & A - Mac and OS X Questions and Answers

I occasionally answer Mac and OS X-related questions here for Montana Mac users. Go to the front page of Mac Q & A to learn more. And check my archives.

Mac Q & A: Another Scam from macsystemalerts.com

My Mac Q & A Question: Now I’m getting a screen in Safari from macsystemalerts.com that says “YOUR BROWSER HAS BEEN LOCKED.” It gives a number to call 1-800-680-4131. That’s not an Apple phone number. I can close Safari, but this must be a scam. M.P., Missoula

macsystemalerts.com is yet another scam having to do with fake Javascript pop-ups saying all manner of things, like the FBI is after you, the police are going to arrest you, and on and on. They are all fake. (You can also read my earlier post Mac Q & A: Is applesecurityalerts.com a Scam?) Nothing is wrong with Safari and nothing is going to get you arrested. macsystemalerts.com is a bogus domain not owned by Apple. Keep reading to learn how to get out of the pop-up.

And mac-system-alerts.com is the same deal; it’s a scam, too, as are apple.com-securitywarning.com, safarisecurityalert.com, macsecurityissue.com, macbrowseralerts.com, mac-online-alert.com, mac-issues-online.com, online-apple-alerts.com, helpmetek.com, applesecurityalert.com, websternal.net, newsalert.report-o.com, geek-techies.com, system-connect.com, instants-pc-fix.com, etc.

The scammers want you to call that phone number, and when you do, they will want to sell you worthless software that they want to install from afar to “fix” the problem. They will tell you the problem is a virus or malware, and they can fix it for a price. The problem is that there is no problem, and the scammers want to scare you into calling them. The software they sell you will either be worthless, or worse, it will be malware itself.

The macsystemalerts.com scam window is not a virus and is only Javascript running in Safari. The popup is usually easy to get out of. Just close the Safari window, and when you get the popup, click “Leave the Page” and you should be able to close Safari.

image

The macsystemalerts.com popup – it’s all fake

But other variants of this scam lock the Safari window open. If you can’t simply close the window, you need to disable Javascript, or worst case, force quit Safari. Do this first: from the Safari menu bar, select Safari > Preferences… > Security and uncheck the box marked Enable JavaScript. This will disable Javascript so you can close Safari. (But leave the Preferences dialog box open.) Now close the window or tab. Then you can re-enable JavaScript and close Preferences.

If that doesn’t work, you need to force quit Safari, because the Javascript pop-up has a more firm hold on Safari. So do this: go to the Apple menu and select “Force quit…” Select Safari from the menu and quit it. And then it’s best if you remove all website data. Do that by going to Safari > Preferences… > Privacy > Remove All Website Data to get rid of any cookies or other data left by the server. And then open your Downloads folder and delete anything you don’t recognize. (Once you have cleared cookies, you will need to log back into sites that had persistent logins, but you do need to clear cookies and the cache to be sure the macsystemalerts Javascript is gone).

Worst case, if the two methods above don’t get you out of the Safari popup, disconnect from the internet and restart Safari and/or your Mac. That will stop Safari from loading the Javascript from the malicious site, and then you can close Safari and clear your website data.

You can also start up your Mac in Safe Mode, which disables everything but the most basic functions and will allow you start Safari without the malicious javascript taking hold. Hold down the Shift key right after you hear the start up sound. Read OS X: What is Safe Boot, Safe Mode? – Apple Support for more information.

If you Google Search 1-800-680-4131 that phone number, you will find scam reports, like this one Scam report for 800-680-4131.

If you did call that number and talk to someone and give them a credit card number for software for your Mac, you need to call your bank and stop the charge. What they sold you is more than likely junk, and your card may be used for other unauthorized charges, too. You should file a complaint with the FCC.

And very importantly, if you allowed anyone to remotely install software, delete whatever was installed and also scan your Mac for malware. The best thing to do is run Software Update on your Mac to get the latest updates and malware fixes from Apple. And although this Javascript popup from macsystemalerts.com is not a virus, you may want to consider using antivirus, too. See ClamXav in the Mac App Store.

There are many of these scams coming and going over the last year, and this domain – macsystemalerts.com – is not owned by Apple; it’s owned by someone named Surya Kumar, in New Delhi, India. Other bogus domains are mac-system-alerts.com, mac-system-issue.com, hostingprivilege.com, macsecurityissue.com and macsystemsalert.com. Another is called Safaro-Alert.

Apple has been playing whack-a-mole with these domains and scammers, trying to shut them down, but they keep popping back up. macsystemalerts.com has actually survived since the domain was first registered on October 29th. I’m sure Apple is trying to shut down the domain, as they have other scam domains, but they haven’t had any luck with this one. The domain is registered with GoDaddy, well known as the registrar of choice for junk domains and scammers. See Whois macsystemalerts.com for the whois registration information.

Hope that helped, Mark

Are you a Montana Mac user? Send me your question for Mac Q & A: Contact Me

Related articles:


Blue says you should check out these other Mac Q & A's: