The ISC documents a popular and dangerous scam that is increasing in frequency.  A realistic AV screen popup appears that warns of a virus infection.  It references user to a fake tech support phone # where the user may receive fraudulent charges on their credit card or malware may be implanted on the device as well.  Only rely on pop-ups from the AV product installed on your device and users should be educated on these risks.

https://isc.sans.edu/forums/diary/Fake+antivirus+pages+popping+up+like+weeds/23207/

I found several compromised sites leading to these fake AV pages and other unwanted destinations.  They all had the same characteristics, and I documented how these compromised sites could be found through Google (link).  However, that particular campaign isn’t the only one pushing fake AV pages.

Below is an example of a fake AV page as seen on a Windows host using Google Chrome.  When I used Internet Explorer, I could not close the popup notifications (they just reappeared), and the browser window would not close unless I killed the process using Task Manager.  This is a social engineering scheme to trick people into calling a fake tech support phone number.  Once you call the number, a fake support technician will walk you through several steps to supposedly fix your computer.  Eventually, you’ll be asked for a credit card number to pay for this service.