Malware Popups
Aggressive popups and fake alerts that push malware downloads or fake support numbers.
Last reviewed: 1 June 2026
What this scam is
Malware popups are deceptive browser-based alerts — fake software updates, prize notifications, infection warnings, or 'allow notifications' prompts — that are designed to trick you into downloading malicious software, calling a fake support line, or granting a website permission to send you persistent scam notifications.
Unlike scareware that mimics your operating system, malware popups operate within the browser window. They appear on legitimate-looking or genuinely compromised websites, triggered by malicious advertising networks that pay to place ads even on reputable sites. The popup itself may be difficult to close, filling the screen or disabling the close button to increase pressure.
There are several distinct harmful outcomes. Clicking a download button installs malware — often disguised as a browser update, media player, or codec. Clicking 'Allow' on a notification permission prompt grants that website the ability to send pop-up notifications indefinitely to your desktop, flooding you with further scam alerts even when your browser is closed. Calling a phone number from the popup connects you to a fake support line. Each pathway serves a different aspect of the scam economy.
How it works
The popup is typically triggered by a malicious advertisement served by an ad network, or by visiting a website that has been compromised. Free streaming sites, unofficial download portals, and sites in grey-area content categories are common sources, but malicious ads can appear anywhere that uses third-party advertising.
The popup displays a plausible-sounding alert — your browser is outdated, you have won a prize, a virus has been detected, or a critical update is available. Some popups use audio (a voice warning, an alarm) to increase alarm and prevent you from ignoring them.
The most common lure is a 'browser update required' message. The design mimics the style of your browser or operating system, and a prominent button is labelled 'Update' or 'Download'. This button initiates a file download of malware rather than any legitimate software.
The notification permission trap is subtler. A site displays a box saying 'Click Allow to continue' or 'Allow to prove you are not a robot'. Clicking Allow grants that domain permission to send browser notifications to your desktop indefinitely. The notifications that follow are typically scam alerts, fake antivirus warnings, or adult content promotions — all with links to further scam pages.
Browser-lock variants use JavaScript to make it difficult or impossible to close the tab, creating the impression that your computer itself has locked up.
Why this scam works
Malware popups exploit the fact that browser windows and operating system alerts can look similar to an untrained eye. When something claims to represent your browser or your system, the instinct is to trust it as you would trust your computer's own messages.
The 'update required' framing is particularly effective because software updates are genuinely important, and many users are accustomed to clicking update prompts. A fake update prompt fits naturally into existing habits.
The notification permission trick works because the 'Allow / Block' dialogue looks like a neutral technical prompt rather than a security decision. Many people click Allow on any dialogue that is blocking what they want to do without reading what they are consenting to.
A typical pattern
A person visits a free streaming website. A pop-up appears saying their browser is outdated and insecure, with a prominent 'Update Now' button. They click it and a file downloads. They run the file, which installs what appears to be a browser component but is actually adware that injects advertising into every website they visit. Shortly afterwards, they also notice browser notifications appearing on their desktop from an unfamiliar website, advertising scam products. They had clicked 'Allow' on a previous visit without realising what it meant.
Common red flags
- Pop-up claiming your browser or software needs an urgent update
- Pop-up announcing you have won a prize
- Notification permission prompt on an unfamiliar site
- Page that fills the screen and resists being closed
- Alarm sounds or a voice warning from a browser window
- Countdown timer on a warning message
- Download button that appears without you requesting an update
- Phone number displayed alongside an infection or security warning
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Your browser is out of date and at risk! Click Allow and Download to update now.
CONGRATULATIONS — You have been selected as today's lucky visitor! Claim your prize: [fake link].
Critical security update required for your browser. Download now to stay protected: [fake link].
Allow notifications to continue watching. Click Allow below.
Warning: Malicious activity detected. Your browser has been locked. Call [phone number] immediately.
Your Flash Player is outdated. Update now to continue viewing content: [fake link].
Common variations
- Fake browser update — malware disguised as a Chrome, Firefox, or Edge update
- Notification permission trap — 'Click Allow to continue' leads to persistent notification spam
- Prize pop-up — fake prize notification luring to a scam site
- Fake plugin/codec — 'install this to watch the video' delivers malware
- Browser-lock variant — JavaScript prevents tab from closing, pushing a phone call
- Audio alarm variant — pop-up plays siren and voice warning to increase panic
How to verify before you act
Browsers update themselves automatically or through the browser's own menu — not through pop-ups on websites. Any webpage claiming your browser needs updating is not a legitimate update prompt.
To check whether your browser is genuinely out of date, open the browser's menu (typically the three-dot or hamburger icon) and navigate to Help > About. This will show your current version and trigger any available update.
If a notification permission prompt appears on a site you were not expecting it from, click Block. Legitimate services that use notifications will explain why they are requesting permission, and you can always re-enable later from the site's settings.
If a pop-up is blocking you from closing a tab, try closing it via the browser's window controls or using keyboard shortcuts (Ctrl+W / Cmd+W). If that fails, force-quit the browser. Your computer is not actually locked.
Payment methods used
- Credit or debit card via subsequent scareware
- Remote-access theft after calling a fake number
Who is usually targeted
- General web users
- People visiting unofficial streaming or download sites
What to do immediately
- Close the tab or browser without clicking any button on the popup
- If the tab won't close, use keyboard shortcuts (Ctrl+W / Cmd+W) or force-quit the browser
- Go to your browser's notification settings and remove any unfamiliar sites
- If you clicked Allow on a notification prompt, revoke the permission immediately
- If you downloaded and ran a file, run a security scan with reputable software
- Do not call any phone number displayed in a popup
- Clear your browser's notification permission list of any sites you did not intentionally add
How to prevent it
- Keep your browser up to date — updates happen through the browser itself, not via websites
- Use a reputable ad blocker to reduce exposure to malicious ads
- Click Block on notification permission prompts unless you specifically want alerts from that site
- Avoid unofficial streaming and download sites where malicious ads are most common
- If a pop-up resists closing, force-quit the browser rather than interacting with it
- Review and revoke notification permissions in your browser settings periodically
- Never run a downloaded file that a webpage prompted you to download
Evidence to preserve
- Screenshot of the popup
- The URL of the page that triggered it
- Name of any file that was downloaded
- Any phone number that appeared in the popup
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
I clicked 'Allow' on a notification popup — what now?
Go to your browser's notification settings and remove permission for that site. Run a security scan, and avoid the website that triggered the popup. Do not call any number it sends in subsequent notifications.
Is my computer actually infected from a popup?
Viewing a popup page alone is very unlikely to infect your computer unless you downloaded and ran a file from it. If you only saw the popup and closed it, you are probably fine — run a security scan for peace of mind.
How do I check whether my browser is genuinely out of date?
Open your browser menu and go to Help > About. This shows the current version and will trigger a real update if one is available. Never trust a webpage that claims your browser needs updating.
Why do these popups appear on legitimate websites?
Many reputable sites use advertising networks to earn revenue. Malicious advertisers can pay to place ads that contain scam popups even on otherwise trustworthy sites. Using an ad blocker significantly reduces this risk.
I ran a file from an 'update' popup — what should I do?
Run a full security scan with reputable security software immediately. If the scan finds malware, follow the removal instructions. Change passwords on important accounts from a clean device as a precaution.
How do I stop notification spam from a website?
In Chrome: Settings > Privacy and security > Notifications. In Firefox: Settings > Privacy and Security > Notifications. Find the offending site and remove or block its permission.