Malware and Fake Pop-up Scams via Email
Malicious emails deliver links or attachments that trigger fake browser alerts or install malware designed to steal data or extort victims.
Part of: Malware Popups
Last reviewed: 1 June 2026
Malware is frequently delivered through email. A malicious link or attachment opens a webpage displaying a fake system alert — warning that the computer is infected, locked, or under threat — that cannot be closed normally. The goal is to panic the recipient into calling a fraudulent support number or downloading a 'fix' that installs remote-access tools or ransomware.
Email is effective for this because recipients are accustomed to clicking links and opening attachments. A convincing subject line ('Your invoice is attached', 'Shared document from [Colleague]') is often sufficient to persuade someone to interact with content they would normally treat with caution.
How this scam works on Email
A malicious email attachment — disguised as a Word document, PDF, or ZIP file — executes a script when opened, installing keyloggers, banking trojans, or ransomware in the background without visible symptoms. Alternatively, a link leads to a page that triggers a full-screen browser lock-up displaying a fake Microsoft or security-vendor warning with a phone number.
Email-delivered malware can also silently install tools that activate weeks later, capturing credentials as the victim uses their device normally, making it hard to trace the source of a later account compromise.
Common red flags
- Unexpected attachment from an unknown sender, especially .zip, .exe, .docm, or .js files
- Link in email that opens a browser page showing a locked screen or alarming system alert
- Phone number displayed on a 'system warning' page reached from an email link
- Email purporting to be from a colleague sharing a document you were not expecting
- Macro-enabled Office files prompting you to 'Enable Content'
- Device becomes sluggish, or unknown processes appear after opening an email attachment
How to protect yourself
- Do not open email attachments from unknown senders — when in doubt, verify with the purported sender by phone
- Keep your email client, browser, and operating system fully updated to reduce exploit risk
- Maintain up-to-date security software from a reputable vendor
- If a browser page locks up with a warning, force-close the browser — do not call any number shown
- Disable automatic macro execution in Office applications
How to report it
- Report the email to your email provider as phishing or malware
- Submit the malicious file or URL to your national cyber authority or a public malware analysis service
- If malware was installed, seek professional help to clean the device and change all passwords from a different device
Frequently asked questions
What should I do if my browser is locked by a pop-up from an email link?
Force-quit the browser (Task Manager on Windows, Force Quit on Mac). Do not call any phone number shown and do not download anything. Restart the browser and avoid reopening the tab. Run a scan with reputable security software.