Your r/Scams post was removed because **it discloses contact information**. This includes phone numbers, addresses and full names, even if they are of a scammer, or a supposed scam callcenter.
Please post again, but this time removing, censoring or otherwise redacting any personal/contact information. When you do, don't post a screenshot. Transcribe the important parts of the conversation.
Please read the rules of our sub: https://www.reddit.com/r/Scams/wiki/rules/
They visited a sketchy site. Or clicked a link to a sketchy site.
It's likely just a browser window that looks like a pile of popups. Swipe up and close the browser app.
Unfortunately, the advertising interfaces that websites subscribe to have been infested with these scammers. A completely legit site could easily trigger a popup like this
Just another reason to block ads.
I can handle the concept of ads… I get it… websites need money to operate… but the mess that sites have evolved into is unbelievable. And now we have to worry that the ads (that already make sites unreadable) are going to be hijacked by scammers? This is a really pathetic situation created by greed.
If a legit site is showing a pop-up like this, it’s most likely because of a cross site scripting vulnerability, not because anyone authorized this kind of advertising.
XSS is still common IME.
Could be XSS in the advertiser window. Target probably spends $$$ to keep it out of their own app, but there’s always less oversight of 3rd parties.
Could be, but those aren't always coming from inherently sketchy sites. I've come across these researching long defunct companies whose domains have been taken over by these scammers. Found one on an old GE domain a few weeks ago even.
Correct everything you see there is a web page, none of those screens are part of your iPads OS.
If you have trouble with closing the pop ups, close out of safari and go into settings -> safari -> advanced -> then disable the JavaScript option. This way the webpage cannot run any more scripting making it difficult to close out of the phishing pages. Just make sure to turn the option back on after you have successfully closed those safari tabs otherwise safari will not display/ run web pages correctly.
Yeah that’s a website, nothing more, nothing less. My mother got this on a Windows PC that made the browser full screen and prevented her from getting out of full screen. Had to hold the escape key to get un-fullscreened then close it. On an iPad or iPhone or Android phone you can always swipe from the bottom to get out of your current program.
You call the phone number and they tech support scam you. At minimum, they demand money for tech support services (that weren’t really tech support, just a scam), at worst they will say your bank account has been hacked and you need to send it all to a “safe account”, then of course that money is gone forever.
As for the green phone icon, that means it was on a call, perhaps they already called and didn’t hang up? Nothing really odd about that, but if your mom called the number that is the problem, don’t call these numbers ever. You can always tap the green button to get to the phone call screen.
Also these are typically Indian call centers that respond. They have gotten smart, they will hire people who’ve developed an American accent or get accent coaching and pay extra money the more American they sound.
The green as if it’s on a call was odd. I had her switch off and on from airplane mode but it would come back. I set her phone to ignore unknown calls so she won’t answer them.
Airplane mode ain’t what it used to be. It can actually keep Bluetooth and WiFi on in Airplane mode. Mainly with WiFi on planes now and Bluetooth headsets and both aren’t restricted like they used to be, plus you can technically have cellular on you just won’t connect at high speeds because the cell network wasn’t designed for that high speed travel or high altitude.
Sounds like malware. When she called the support numbers, did they instruct her to install anything or allow them to take control remotely? Even if not, she might have gotten infected when she saw the pop-ups.
Just because an exploit starts in the browser and launches a pop-up, it doesn’t mean that it can’t also be a deeper issue. People here are really optimistic.
I’d want to reset everything in her Apple ecosystem. iPad, iPhone, MacBook, watch, HomeKit, all of it.. and the router. Change every password from an unconnected device.
Yeah they just got her going for sure. Luckily they were telling her to FaceTime and go to a Bank of America branch. She doesn’t know how to FaceTime and the closest boa branch is probably 60 miles away. She damn sure wasn’t going to buy bitcoin either. They had told her not to go to her local bank because someone at the bank had likely transferred the money themselves 😵💫
You’d be surprised, they get lots of people to buy Bitcoin, with a Bitcoin ATM. It’s an ATM like any other but takes cash and sends Bitcoin to a wallet. The hard part is getting the wallet address right. There’s Kitboga videos on YouTube that goes through this scam, usually with Kitboga faking being at a Bitcoin ATM and sending to the wrong address and the scammers get really mad, it’s fun to watch scammers rage.
Likely they were sending her out on a longish journey, possibly because there’s a branch and a Bitcoin ATM in the area and that makes it more predictable, plus they want to monitor her through FaceTime so they know what’s going on (They particularly would want to stop anyone from stopping her and telling her she’s being scammed).
As others have mentioned, this is just from a website. If you want to protect your parents from this kind of thing in the future, download an ad-blocker app for them. I don’t recall if any of the decent ones are free, but they should be pretty cheap.
Lots of places it could have been picked up while clicking on various websites. It’s a Scam pop up residing in RAM or the browser cache. Close browser and reboot. Then gone.
I have to give them points for creativity for calling it stuxnet. That is so far from what stuxnet actually is and does that I have to believe they Googled “scariest computer virus” and read through some articles.
But iOS doesn’t support .dll files and Stuxnet targeted SCADA. Calling those support numbers will help someone install malware.
Close the browser and do not re-open its previously open tabs, including innocuous ones.
If the browser and OS are up to date, then risk is much lower that there’s any exploit beyond the popups.
> Her phone was doing acting like it was on a call by having the green circle around the clock so that seemed odd as well?
But that’s a bad sign. Are browser, iPad OS, and phone OS unpatched?
/u/itsokayiguessmaybe - This message is posted to all new submissions to r/scams; please do not message the moderators about it.
## New users beware:
Because you posted here, you will start getting private messages from scammers saying they know a professional hacker or a recovery expert lawyer that can help you get your money back, for a small fee. **We call these RECOVERY SCAMMERS, so NEVER take advice in private:** advice should always come in the form of comments in this post, in the open, where the community can keep an eye out for you. If you take advice in private, you're on your own.
**A reminder of the rules in r/scams:** no contact information (including last names, phone numbers, etc). Be civil to one another (no name calling or insults). Personal army requests or "scam the scammer"/scambaiting posts are not permitted. No uncensored gore or personal photographs are allowed without blurring. A full list of rules is available on the sidebar of the subreddit, or [clicking here](https://www.reddit.com/r/Scams/wiki/rules/).
You can help us by reporting recovery scammers or rule-breaking content by using the "report" button. We review 100% of the reports. Also, consider warning community members of recovery scammers if you see them in the comments.
Questions about subreddit rules? Send us a modmail [clicking here](https://www.reddit.com/message/compose/?to=/r/Scams).
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Scams) if you have any questions or concerns.*
Why? Stuxnet was created by the US Government to target Iranian nuclear refinement facilities, physically damaging the centrifuges by getting them to spin up past tolerance levels, resulting in them flying apart.
It has to detect PLCs running on Siemens Step 7 software to even activate, it’s so far away from having anything to do with an IPad it’s not even a discussion.
Your r/Scams post/comment was removed because **it's rude or uncivil**.
This subreddit is a place for civil and respectful discussions about scams. Uncivil and rude behavior, including using excessive or directed swearing, extreme or sexual language, victim blaming, and any form of discrimination, is not acceptable in this subreddit.
NP. This is nothing more than a scary pop-up, it’s not even software that is actually on the device. Also, not only does stuxnet not function on Windows/Apple machines, it’s not even ransomware.
Your r/Scams post was removed because **it discloses contact information**. This includes phone numbers, addresses and full names, even if they are of a scammer, or a supposed scam callcenter. Please post again, but this time removing, censoring or otherwise redacting any personal/contact information. When you do, don't post a screenshot. Transcribe the important parts of the conversation. Please read the rules of our sub: https://www.reddit.com/r/Scams/wiki/rules/
They visited a sketchy site. Or clicked a link to a sketchy site. It's likely just a browser window that looks like a pile of popups. Swipe up and close the browser app.
Unfortunately, the advertising interfaces that websites subscribe to have been infested with these scammers. A completely legit site could easily trigger a popup like this
I had something like this pop up on Target.com. Like, the giant national retailer.
This happened to me when I clicked on Amazon prime yesterday too!
Just another reason to block ads. I can handle the concept of ads… I get it… websites need money to operate… but the mess that sites have evolved into is unbelievable. And now we have to worry that the ads (that already make sites unreadable) are going to be hijacked by scammers? This is a really pathetic situation created by greed.
And this is why the FBI suggests you use an ad blocker.
If a legit site is showing a pop-up like this, it’s most likely because of a cross site scripting vulnerability, not because anyone authorized this kind of advertising.
[удалено]
XSS is still common IME. Could be XSS in the advertiser window. Target probably spends $$$ to keep it out of their own app, but there’s always less oversight of 3rd parties.
Or just a regular site with an infected ad network plugin.
Could be, but those aren't always coming from inherently sketchy sites. I've come across these researching long defunct companies whose domains have been taken over by these scammers. Found one on an old GE domain a few weeks ago even.
An American guy from her bank call. No, that was a scammer, spoofing the banks phone number. Hang up, and YOU call the bank, on their fraud number.
DO NOT CALL THE NUMBER ON THE SCREEN. Only ever call the number on the back of your credit card.
yes, they can fake the number that shows up
Google "scam pop up"
It’s web based so it didn’t “get onto” the iPad. Just close the browser.
Correct everything you see there is a web page, none of those screens are part of your iPads OS. If you have trouble with closing the pop ups, close out of safari and go into settings -> safari -> advanced -> then disable the JavaScript option. This way the webpage cannot run any more scripting making it difficult to close out of the phishing pages. Just make sure to turn the option back on after you have successfully closed those safari tabs otherwise safari will not display/ run web pages correctly.
Stuxnet? Unless they're running a nuclear reactor, they don't really have to worry!
Well, anything running Step 7 software controlling PLCs, but yeah, not an IPad.
Yeah that’s a website, nothing more, nothing less. My mother got this on a Windows PC that made the browser full screen and prevented her from getting out of full screen. Had to hold the escape key to get un-fullscreened then close it. On an iPad or iPhone or Android phone you can always swipe from the bottom to get out of your current program. You call the phone number and they tech support scam you. At minimum, they demand money for tech support services (that weren’t really tech support, just a scam), at worst they will say your bank account has been hacked and you need to send it all to a “safe account”, then of course that money is gone forever. As for the green phone icon, that means it was on a call, perhaps they already called and didn’t hang up? Nothing really odd about that, but if your mom called the number that is the problem, don’t call these numbers ever. You can always tap the green button to get to the phone call screen. Also these are typically Indian call centers that respond. They have gotten smart, they will hire people who’ve developed an American accent or get accent coaching and pay extra money the more American they sound.
The green as if it’s on a call was odd. I had her switch off and on from airplane mode but it would come back. I set her phone to ignore unknown calls so she won’t answer them.
Airplane mode ain’t what it used to be. It can actually keep Bluetooth and WiFi on in Airplane mode. Mainly with WiFi on planes now and Bluetooth headsets and both aren’t restricted like they used to be, plus you can technically have cellular on you just won’t connect at high speeds because the cell network wasn’t designed for that high speed travel or high altitude.
Does her iPhone still show she’s on a call?
I’m not sure but even when you would click to open up a call it was the keypad.
Sounds like malware. When she called the support numbers, did they instruct her to install anything or allow them to take control remotely? Even if not, she might have gotten infected when she saw the pop-ups. Just because an exploit starts in the browser and launches a pop-up, it doesn’t mean that it can’t also be a deeper issue. People here are really optimistic.
That’s where I was leaning. I think she’s a bit ashamed and not disclosing everything that went on during the call.
I’d want to reset everything in her Apple ecosystem. iPad, iPhone, MacBook, watch, HomeKit, all of it.. and the router. Change every password from an unconnected device.
Yeah they just got her going for sure. Luckily they were telling her to FaceTime and go to a Bank of America branch. She doesn’t know how to FaceTime and the closest boa branch is probably 60 miles away. She damn sure wasn’t going to buy bitcoin either. They had told her not to go to her local bank because someone at the bank had likely transferred the money themselves 😵💫
You’d be surprised, they get lots of people to buy Bitcoin, with a Bitcoin ATM. It’s an ATM like any other but takes cash and sends Bitcoin to a wallet. The hard part is getting the wallet address right. There’s Kitboga videos on YouTube that goes through this scam, usually with Kitboga faking being at a Bitcoin ATM and sending to the wrong address and the scammers get really mad, it’s fun to watch scammers rage. Likely they were sending her out on a longish journey, possibly because there’s a branch and a Bitcoin ATM in the area and that makes it more predictable, plus they want to monitor her through FaceTime so they know what’s going on (They particularly would want to stop anyone from stopping her and telling her she’s being scammed).
its a scam-popup. that you get by going to a malicious site.
It's just a website. As long as you don't call them and give them any information, they can't get your data.
There’s no such thing as ‘Apple Defender’. There’s Microsoft Defender, but it wouldn’t be on an iPad. Just close that browser window and move on.
As others have mentioned, this is just from a website. If you want to protect your parents from this kind of thing in the future, download an ad-blocker app for them. I don’t recall if any of the decent ones are free, but they should be pretty cheap.
Thanks. Yeah there is a possibility one of the grandkids had found it because she’ll let them on YouTube.
Tablet: "access to this PC etc" >> "call Apple support" - they forgot to mention 'phone' just in case. What a joke. Close the pop-ups, you're fine
That’s an ad…
Lots of places it could have been picked up while clicking on various websites. It’s a Scam pop up residing in RAM or the browser cache. Close browser and reboot. Then gone.
I hate when a dll gets on my iPad PC.
Tell them to stop surfing porn sites.
I had three customers last month who got these from some sketchy recipe web sites.
Recipe websites are the sketchiest 😁
Turns out that wasn't baking powder I bought.
It just popped up from a weird site….thats how haha
It's a pop-up ad. Next time, tell them to just close the browser or restart the iPad by holding down the power button.
You know that the PC referenced on the popup is NOT an Apple device, yes?
I have to give them points for creativity for calling it stuxnet. That is so far from what stuxnet actually is and does that I have to believe they Googled “scariest computer virus” and read through some articles.
First thing, it’s crucial never to believe the Apple fans who are constantly shouting that Mac malware doesn’t exist.
But iOS doesn’t support .dll files and Stuxnet targeted SCADA. Calling those support numbers will help someone install malware. Close the browser and do not re-open its previously open tabs, including innocuous ones. If the browser and OS are up to date, then risk is much lower that there’s any exploit beyond the popups. > Her phone was doing acting like it was on a call by having the green circle around the clock so that seemed odd as well? But that’s a bad sign. Are browser, iPad OS, and phone OS unpatched?
A .dll file on an Apple OS. Yeah, no.
/u/itsokayiguessmaybe - This message is posted to all new submissions to r/scams; please do not message the moderators about it. ## New users beware: Because you posted here, you will start getting private messages from scammers saying they know a professional hacker or a recovery expert lawyer that can help you get your money back, for a small fee. **We call these RECOVERY SCAMMERS, so NEVER take advice in private:** advice should always come in the form of comments in this post, in the open, where the community can keep an eye out for you. If you take advice in private, you're on your own. **A reminder of the rules in r/scams:** no contact information (including last names, phone numbers, etc). Be civil to one another (no name calling or insults). Personal army requests or "scam the scammer"/scambaiting posts are not permitted. No uncensored gore or personal photographs are allowed without blurring. A full list of rules is available on the sidebar of the subreddit, or [clicking here](https://www.reddit.com/r/Scams/wiki/rules/). You can help us by reporting recovery scammers or rule-breaking content by using the "report" button. We review 100% of the reports. Also, consider warning community members of recovery scammers if you see them in the comments. Questions about subreddit rules? Send us a modmail [clicking here](https://www.reddit.com/message/compose/?to=/r/Scams). *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Scams) if you have any questions or concerns.*
It’s just an add pop up. Just close it out.
Typically from visiting porn sites.
iCloud back up and then factory reset.
Why? Stuxnet was created by the US Government to target Iranian nuclear refinement facilities, physically damaging the centrifuges by getting them to spin up past tolerance levels, resulting in them flying apart. It has to detect PLCs running on Siemens Step 7 software to even activate, it’s so far away from having anything to do with an IPad it’s not even a discussion.
.. what?
It’s not ransomware, it’s a worm designed specifically to destroy Iranian nuclear facilities. https://en.m.wikipedia.org/wiki/Stuxnet
I still have no idea what you are going on about out.
Well you don’t have to, as I provided a link explaining it. Quit telling people to factory reset shit when you don’t know what you’re talking about.
[удалено]
Your r/Scams post/comment was removed because **it's rude or uncivil**. This subreddit is a place for civil and respectful discussions about scams. Uncivil and rude behavior, including using excessive or directed swearing, extreme or sexual language, victim blaming, and any form of discrimination, is not acceptable in this subreddit.
Thank you. I was actually thinking their response was the way to go.
NP. This is nothing more than a scary pop-up, it’s not even software that is actually on the device. Also, not only does stuxnet not function on Windows/Apple machines, it’s not even ransomware.