Fake Antivirus Scams That Demand Gift Cards
How fake security software pop-ups and cold calls create virus panic before demanding gift card codes as payment for 'removal' — and why genuine antivirus software never requests gift card payment.
Part of: Fake Antivirus Scams
Last reviewed: 1 June 2026
Fake antivirus scams occupy a specific niche: they exploit the genuine concern people have about computer security and then offer a 'solution' that is itself the threat. The fraud typically begins with a browser pop-up or a downloaded programme that mimics a security scan, displays alarming results, and then presents a payment option — always gift cards — to 'remove' the fabricated infections. No real security software asks for gift card payment. Ever.
This guide covers how fake antivirus scams specifically funnel payment through gift cards, the redemption mechanics that make gift cards operationally ideal for this fraud, and the steps to take if a pop-up has appeared or a fake programme has been installed.
How this scam works on gift cards
Fake antivirus pop-ups appear on websites through malicious ad networks and are designed to look like genuine security alerts from Windows Defender, Norton, McAfee, or a fictitious security brand. The scan animation runs quickly and returns a list of 'critical infections,' often with official-sounding threat names. A button labelled 'Remove threats' or 'Clean now' opens either a fake payment flow or a phone number to call for 'support.'
When the victim calls the number, they reach a call centre that walks them through apparent 'removal' steps while maintaining that a payment is required to fully restore the computer. Gift cards — Google Play, iTunes, Steam, or retail brands — are specified because they are available locally, have no fraud screening at point of purchase, and are redeemable instantly.
A related variant involves software downloaded from a deceptive website (often promoted via search ads or fake virus alert pop-ups) that installs and runs a fake scan, then presents a purchase screen. The 'software' may have a legitimate-looking EULA and a professional interface, but any payment it collects goes to the scammer. The fake programme itself may install real malware while the victim is focused on the payment process.
Once gift card codes are read out or typed into the payment flow, they are redeemed within seconds. The installed fake software may persist and demand renewal payments or escalate to demands for banking credentials.
Common red flags
- A browser pop-up with a scan animation listing 'critical' infections and a button to fix them now
- A security alert that locks the browser or prevents you from closing the window
- Any antivirus or security programme that asks for gift card codes as the payment method
- A support number embedded in a security pop-up — genuine antivirus companies do not operate this way
- Scanned 'threat names' that sound technical but cannot be found in any legitimate security database
- A phone caller who offers to remove viruses but asks you to buy gift cards before proceeding
How to protect yourself
- Close pop-up browser windows using keyboard shortcuts (Alt+F4 on Windows, Cmd+Q on Mac) — never call a number shown in a security pop-up
- Genuine antivirus software never requests payment via gift card codes — any such request is fraud
- If a fake programme has been installed, uninstall it through Settings → Apps and run a scan with a legitimate security product from its official website
- If a pop-up has locked your browser, close it using Task Manager (Windows) or Force Quit (Mac) without clicking anything on the page
- Report suspicious security pop-up domains to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish
How to report it
- Report to the FTC at reportfraud.ftc.gov (US) or Action Fraud at actionfraud.police.uk (UK)
- Report the fake software's website to the brand it impersonates — Norton, McAfee, and Microsoft all have abuse reporting channels
- If gift card codes were shared, contact the card issuer immediately with your purchase receipt
- Report the phone number used to your national telecom regulator
Frequently asked questions
Does any legitimate security software accept gift card payment?
No legitimate antivirus or security software accepts gift card codes as payment. Security software is purchased through official websites, app stores, or retail software channels — all of which use standard payment methods. A gift card payment request from any security programme or support caller is universally a fraud indicator.
Can a browser pop-up actually show real scan results about my computer?
No. Websites do not have the system-level access required to scan your files or detect software installed on your computer. A browser pop-up claiming to show antivirus scan results is always fabricated — the numbers, file names, and threat descriptions displayed are generated by the page's code with no relationship to your actual system.