This article has been created in order to help you understand what is the “System Security At Risk” scam for Mac and how to remove it completely.
SIDENOTE: This post was originally published in September 2018. But we gave it an update in August 2019.
A familiar scamming message targeting Mac users has been detected to resurface it’s activities by security resarchers. The malware aims to infect users by getting them to either call a fake tech support number or by asking users to download and install multiple different types of fake Mac virus removal programs that claim to handle security risks which may not even exist. If you see the “System Security At Risk” scam, we would suggest that you thoroughly read this article as it aims to show you how you can eliminate those messages permanently from your Mac.
|Name||System Security At Risk|
|Type||Tech Support Scam for Mac OS|
|Short Description||Aims to get users to call a tech support number and pay $300 to fix a problem on your Mac that does not exist.|
|Symptoms||Displays a browser redirect message asking to call a tech support number|
|Distribution Method||Via adware or suspicious websites.|
|Detection Tool|| See If Your System Has Been Affected by malware |
|User Experience||Join Our Forum to Discuss System Security At Risk.|
”Critical Security Warning” Scam – How Did I Get It
The main reason of you starting to see the “Critical Security Warning” messages appearing on your Mac is likely believed to be a browser redirection. These types of redirects are often spread as a result of visiting a suspicious website or having an adware program installed directly on your Mac. The result of this is the “Critical Security Warning” scam messages to appear in the forms of pop-ups, redirects and others.
If caused by adware, then it is likely that either a browser extension or an app residing in your Mac could be compromised or potentially unwnated. Such software often tends to pretend to be helpful while in the same time may collect user data and display different forms of advertised content.
”Critical Security Warning” Scam – More Information
The “Critical Security Warning” pop-up may come under different forms on your computer. The scamming messages may often arrive as the following message:
“********* System Security At Risk ***********
Critical Security Warning! Your mac has detected a serious attack on this system, as your IP address seems to be acessed from two different locations at one time. A Suspicious Connection was trying to access Your Logins, Banking Details & Tracking Your Internet Activity.
lease contact the Mac Support team immediatelly at 808-518-4618 (TOLL FREE) and provide error code UR97L1DA2TA to scan and resolve the potential threats to your personal and financial information which seems to be accessed tom another computer. Your Mac Security Center & Firewall Services are disabled. Your TCP Connection was blocked by your Firewall. Your Accounts may be suspended until you take an action. “
We have checked the phone number 808-518-4618 that is related to the scam on 800notes(https://800notes.com/Phone.aspx/1-808-518-4618) and have established that it was related to a lot of different types of scams.
One user (Joe) has reported it to be related to a crooks who want you to pay a hefty sum of money to fix a virus that may not even exist:
| 1 reply
If you get a pop up telling you that you have a trojan horse virus and you need to call 808-518-4618 . THIS IS A SCAM ! They wanted $300 and your CC info so they can fix the virus. I called apple support and they fixed the problem and told me that it was a scam and to report it. This is a crime and it would give me pleasure to see them go to jail. I reported this scam to the proper authority you should too.
Another user has reported the scammers to have an Indian acent and ask for his financial credentials:
| arge B.
My son was playing Roblox when the message came on that my computer is at risk, and someone tried to access my personal information by logging in from two different locations. Called the number and the guy with a heavy “Indian” accent told me to go to www.fastsupport.com, on which page it clearly states do not provide any info to people you don’t know. I asked the guy what the full name of his company was and he said “Apple Support”, ha, ha, ha….,they make it look as if they work for Apple (that’s what I’ve been told). I told him what the message said, he tried convincing me that this only applied to people who call me, but since I called them they are legit and I should place some “trust” in them. DO NOT CALL THEY ARE SCAMMERS. Force start your computer and if you need to take it to the apple store. Do not download any anti virus software, as some of them are malicious malware!!!!! Hate those stupid freaks, my son downloaded the some anti virus program which is a malware and a virus in itself!!!!!!
Users have also reported the scammers to ask remote access from users:
| 1 reply
A warning message popped up and basically froze our access to the internet. It said to call 1-518-808-4618. and report an error message. It had a logo for Safari, but not Apple. It apparently looked legitimate which led to my calling the number. I thought I was talking to Apple. It took me awhile to catch on that this was not Apple Support. I had already allowed him to remote in. The man had a foreign accent. There was a lot of noise in the background. He said the cost of his service would be $299.00 to clean up software and some other type of clean ware..He would never state the name of his company. We will take the computer into Apple tomorrow-and we are calling our credit card companies tonight and getting the numbers changed.
If you have granted access to the scammers, it is likely that they may have caused the following damages to your Mac:
- Disabled your protection.
- Added malware.
- Copied your information (Financial data, passwrods, contact list).
- Compromised yor AppleID.
- Deleted your important files.
- Asked you for money to repair any damage.
If you fell for this scam, be advised that you should not call the scammers again, since the call itself can also drain a lot of money from you via impulse schemes.
Remove “System Security At Risk” from Your Mac
System Security At Risk is the type of scamming message which may be related to unwanted software on your Mac. You can follow the removal instructions underneath this article for the removal of this Mac scam. However, be advised that it may be more than just one object causing advertisements on your Mac. This is why, according to security experts the best possible solution would be to download and run a scan on your Mac with an advanced security scanner which will surely detect and eliminate any unwanted objects from your Mac and ensure that future protection is also set in place.
Before starting to follow the steps below, be advised that you should first do the following preparations:
- Backup your files in case the worst happens.
- Make sure to have a device with these instructions on standy.
- Arm yourself with patience.
Step 1: Uninstall System Security At Risk and remove related files and objects
1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:
- Go to Finder.
- In the search bar type the name of the app that you want to remove.
- Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
- If all of the files are related, hold the ⌘+A buttons to select them and then drive them to “Trash”.
In case you cannot remove System Security At Risk via Step 1 above:
In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:
You can repeat the same procedure with the following other Library directories:
Tip: ~ is there on purpose, because it leads to more LaunchAgents.
Step 2: Remove System Security At Risk – related extensions from Safari / Chrome / Firefox
Step 3: Scan for and remove System Security At Risk files from your Mac
When you are facing problems on your Mac as a result of unwanted scripts and programs such as System Security At Risk, the recommended way of eliminating the threat is by using an anti-malware program. SpyHunter for Mac offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.