Is Windows Defender security warning a scam?

The Windows Defender security warning is a particular scam that is commonly referred to as a phishing scam. And what that means is that it tries to emulate an actual warning or error message to get the users to download something or contact a bad actor to continue the ruse.

But, the ironic thing about this particular scam is that it’s designed to look and act like a Windows error. So, if you’re seeing this message on your Mac, that should be the first sign that something is not right here.

If you get this error message as a pop-up once or twice, maybe consider what websites you’re browsing when they appear. Otherwise, just close and ignore them. However, if this is happening every time you use your browser, this could be symptomatic of malware that has been installed.

Could a Windows Defender security warning be legit?

A legitimate Windows Defender security warning can protect users by informing them when there’s a danger that they need to be aware of.

Here’s how to recognize a fake Windows Defender security scam:

  1. It will likely jump up over your screen with flashing animations, taking over the browser.
  2. It will ask for payment to fix a very urgent problem.
  3. It will likely tell you to call a “support” phone number.
  4. It will use pushy, panicky, aggressive language, such as, “Infection! Call Now!”
  5. It shows up on Mac, and there is no real Windows Defender for a Mac.

A real Windows Defender alert will have the proper Microsoft branding, will give you a clear path to fixing the problem, and will never ask for payment or ask you to call a number. Plus, it won’t appear on a Mac.

How did I end up with malware on my Mac?

Malware can be installed in a variety of ways. And yes, Macs can get malware. While macOS is a much more stable operating system than some of the other ones publicly available, as it’s grown in popularity, it has also been a more promising target for hackers and scammers.

The more common ways malware can be installed on your Mac is through sketchy downloads and torrents. It can also be bundled with free software. Or it can be installed through a phishing attempt like this one. You’ll see a pop-up on your computer that says you have a virus and need to install some magical software to get rid of it.

Why scammers use fake Windows Defender security warnings

It may not be immediately apparent, but there are some very good reasons why scammers are fond of the Windows Defender security warning scam:

  1. People trust Microsoft — if the scammer can persuade the victim that the alert is from Microsoft, then there’s a higher chance of success for the scam to work.
  2. People respond to fear and danger — it is human nature to respond to feelings of dread. By telling the victim that there is an imminent catastrophe, the scammer is playing on natural human instincts.
  3. It’s low-effort, high reward — Windows Defender security warnings are an easy way for a scammer to make money and require minimal effort. As well as demanding payment for nonexistent problems, attackers can also get the victim’s credit card details to be sold later.
  4. They get remote access to the target computer — to fix the alleged “problem,” the scammer will ask for remote access to the victim’s computer. When that’s done, they can steal sensitive data and plant more malware to cause more damage and potentially more profit.

How to remove the Windows Defender security warning scam manually

Malware that’s typically associated with scams like the Windows Defender security warning and other browser redirects live as extensions or browser plugins.

The thing is, when malware is installed, it’s not usually just for your default browser. But it gets added to every browser you have on your Mac. That’s why it’s important you follow the instructions for each browser listed below, not just the one you primarily use.

Safari

As the default browser for macOSX, Apple has made it really easy to manage extensions. Once you have Safari open, just follow these steps:

  1. Click Safari > Settings > Extensions.
  2. In the left panel, choose any plugin you don’t recognize.
  3. Then, click Uninstall.

Sometimes Safari extensions are part of apps that are installed in your Applications folder. If that’s the case with the one you’re trying to remove, Safari will prompt you to delete it from that folder first.

Google Chrome

Chrome also makes it easy to manage your extensions. But, do keep in mind that you can sync your extensions across devices. So, if you remove an extension on your Mac, you’ll be removing it from those other devices too.

You can manage those browser extensions by following these instructions:

  1. Open Google Chrome.
  2. Click the Extension icon > Manage Extensions.
  3. Choose any extension you don’t recognize and click Remove.
  4. Then, click Remove again.

Firefox

If you also have Firefox installed, open it and follow these three easy steps:

  1. In the top right, click the three lines > Settings > Extensions & Themes.
  2. Look for any malicious or strange extensions.
  3. Click … > Remove.

After you’ve removed all of the suspicious browser extensions, go ahead and restart your Mac. This makes sure that all of your software, including your browsers, can quit and start back up fresh.

Automatically remove malware from your Mac

At the end of the day, the best prevention for malware is to continually scan your device and destroy all threats before they can gain a foothold. For this, CleanMyMac, powered by Moonlock Engine, is a powerful tool. Here’s how it works:

  1. Get your free CleanMyMac trial.
  2. Open the app.
  3. Select the Protection feature on the left.
  4. Click Configure Scan first to access the settings and choose your scan settings. We recommend selecting everything — especially Deep Scan.
  5. Exit Configure Scan and click the Scan button. CleanMyMac will start methodically searching your Mac, looking for all files related to the fake Windows Defender alert malware. It may also find other malware threats hiding on your Mac.
  6. When malware has been found, CleanMyMac will show it to you. Select it and click Remove.

    How to protect yourself from scams like the Windows Defender security warning

    So how do you minimize the danger of a fake Windows Defender alert happening to you? Here are some easy tips to follow:

    1. Never click any links from people you don’t know — malware-infected links can lead to browser hijacking. This, in turn, can make Windows Defender pop-ups appear.
    2. Keep your macOS operating system updated — malware takes advantage of security vulnerabilities, so make sure you apply all macOS patches as quickly as possible.
    3. Never interact with the fake alert — if you get any kind of alert from Windows Defender, never interact with it.
    4. Only allow remote access to people you trust — always be extremely selective about who you give remote access to. Once they’re in, they can potentially cause a lot of damage and theft. Never allow anyone in who you don’t know or can’t trust. And if you do allow it, revoke that access immediately afterwards.

    The Windows Defender security warnings could be a symptom of malware installed on your computer. And could be indicative of bigger things to be concerned about. While the scam itself won’t do any harm to your Mac, it’s the malware that could exploit your computer, or worse, leave it more vulnerable for future attacks.