The ISC documents a popular and dangerous scam that is increasing in frequency. A realistic AV screen popup appears that warns of a virus infection. It references user to a fake tech support phone # where the user may receive fraudulent charges on their credit card or malware may be implanted on the device as well. Only rely on pop-ups from the AV product installed on your device and users should be educated on these risks.
https://isc.sans.edu/forums/diary/Fake+antivirus+pages+popping+up+like+weeds/23207/
I found several compromised sites leading to these fake AV pages and other unwanted destinations. They all had the same characteristics, and I documented how these compromised sites could be found through Google (link). However, that particular campaign isn’t the only one pushing fake AV pages.
Below is an example of a fake AV page as seen on a Windows host using Google Chrome. When I used Internet Explorer, I could not close the popup notifications (they just reappeared), and the browser window would not close unless I killed the process using Task Manager. This is a social engineering scheme to trick people into calling a fake tech support phone number. Once you call the number, a fake support technician will walk you through several steps to supposedly fix your computer. Eventually, you’ll be asked for a credit card number to pay for this service.