You’re working at your computer when suddenly a window appears: “WARNING: Your computer is infected with 5 viruses!” The message looks official, complete with logos and urgent instructions to call a support number immediately. Your finger hovers over the “X” button. Should you click it?

Phishing and spoofing scams in the form of pop-up ads surged, according to the National Consumers League, fueled by artificial intelligence (AI). These scams reportedly saw a 85.6% year-over-year increase in 2025, with median losses roughly doubling to over $2,000, the organization said.

Luckily, you can block these ads and avoid falling victim to the scams. This guide will walk you through the exact steps to stop those pop-ups on your devices, recognize dangerous ones, and build simple habits that keep you safer online. 

Key Takeaways

  • Pop-ups have evolved from nuisances to genuine threats. Today’s new breed of fake virus alerts, tech support scams, and malicious browser notifications can lead to stolen data, remote access, and financial loss.
  • Never click inside suspicious pop-ups. Close the browser window or tab using your browser controls or operating system; never click the buttons in the pop-up itself.
  • Different types require different fixes. Browser pop-ups, notification prompts, and app-based ads each need their own approach. 
  • Mobile devices need special attention. Apps often abuse notification permissions to push ads directly to your phone’s home screen.

From Annoyance to Real-World Harm Using AI

Pop-ups aren’t just a nuisance anymore. They’ve become a common entry point for scams, malware, and costly fraud. What were once clumsy and poorly designed ads now efficiently mimic trusted brands and system alerts from security providers, with the help of artificial intelligence (AI) tools, making a single click enough to put your data, money, and devices at risk.

Personalized Messaging

Alloy’s 2025 State of Scams Report found that 85% of U.S. consumers worry that AI has made scams behind these pop-up ads harder to recognize. Using advanced AI tools to collect your data from the internet, scammers are now able to create hyperpersonalized, professional-looking pop-ups that reference your details, such as your location, browsing preferences, places you visit, and even your daily online activities.

Featuring Typical Elements

Legitimate websites usually use overlays for newsletter signups, cookie consent banners, age verification, and special offers. Scammers exploit this normalization by mimicking the visual elements you encounter daily on legitimate sites.

AI-enabled ads and websites of today bear professional-looking designs, smooth animations, and polished copy. The old advice to look for spelling errors no longer works when scammers use AI tools that generate perfect copy.

To avoid being deceived, focus instead on the requested behaviors, including granting remote access, calling the numbers they provide, and downloading software. 

The Most Vulnerable Groups

While pop-up scams can target anyone, some groups are far more likely to be affected and to suffer serious consequences. Knowing who’s most at risk helps you take smarter precautions, whether you’re protecting yourself, your family, or your workplace. 

  • Older adults globally: Because they are less tech-savvy, individuals aged 60 and above are 5x more likely than younger people to be deceived by tech support scams that start with pop-up ads, a pattern that repeats in countries worldwide.
  • Average consumers: Anyone using default browser settings often doesn’t realize that their browsers and devices lack proper pop-up protection. Many people will just quickly click “Allow” on notification prompts to dismiss them, inadvertently granting ongoing permission for intrusive ads.
  • Small businesses and remote workers: These groups face unique risks because they don’t usually have the robust IT support that large enterprises do. One employee’s click on a malicious pop-up can compromise work devices, expose sensitive client data, or provide attackers access to business systems.

Common Types of Pop-up Ads

Modern pop-ups come in three main varieties, and understanding the difference helps you choose the right defense:

  • In-browser pop-up windows and redirect tabs: These classic pop-up ads appear as unwanted windows or tabs when you click a link or arrive at a website. Their messages range from legitimate marketing offers to fake system warnings that lead to outright scam pages.
  • Browser notification pop-ups: Triggered when you click “Allow” on permission prompts, these notifications can appear even when you’re not visiting the offending website, sliding in from your screen’s corner multiple times per hour.
  • OS-level pop-ups from apps: These ads appear on your desktop or mobile device. Free apps often request notification permissions during installation and then use that access to push ads directly to your home or lock screen.

The common thread among these pop-ups is that they exploit permission prompts with carefully worded messages such as “Allow notifications to prove you’re not a robot” or “Click Allow to continue watching.” One quick click grants them ongoing access to push content to your device.

Aside from the new messaging, scammers continue to use traditional tech support alerts. The American Association of Retired Persons (AARP), which advocates for the safety of older consumers in the U.S., reported that these scams frequently begin with pop-up messages displaying logos from popular tech brands such as Microsoft or Apple. The fake warnings claim your computer has a virus and urge you to call a number for immediate support. Once you call, scammers will request remote access to your device and may install actual malware while pretending to fix problems.

Practical Red Flags to Instantly Recognize Pop-Up Ad Scams

Being aware of the warning signs of a pop-up scam will guide you in building an intuitive mental checklist that triggers immediate suspicion:

Urgent Language

This is the clearest warning sign to stir fear in your heart. “Your device is infected,” “Your subscription expires in 5 minutes,” or “Don’t close this window.” Legitimate companies don’t create artificial urgency or trap you in windows.

Specific Demands 

Cybercriminals have specific calls to action for you to activate their scams. They will ask you to either call the number they provided, pay immediately, or grant remote access. No legitimate security process begins with a pop-up telling you to call a specific number.

Unfamiliar Processes

Scammers will also ask you to follow processes outside standard flows, such as installing unfamiliar software or re-entering credentials on fake websites. These new and strange processes should always trigger your suspicion. If you’re not directly at your bank’s website using the URL that you saved, you shouldn’t be entering credentials.

Train yourself and your family members to pause and question when these red flags appear. That two-second pause before clicking can save thousands of dollars and countless hours of remediation work.

Dos and Don’ts to Safely Close and Respond to Suspicious Pop-Ups

When a suspicious pop-up appears, your response in the first few seconds determines whether you stay safe or fall into a trap:

Don’t Click Any Buttons Inside the Pop-Up Itself

Security experts note that scammers frequently exploit “X” buttons, banking on our instinct to click them. Once you do, these buttons may trigger downloads, additional redirects, or malware installation. When faced with an unwanted pop-up ad with an urgent warning, resist your natural reaction to click it.

Instead, Close the Browser Window or Tab 

Look for your browser’s “X” button at the top of the window on Windows or the red circle in the corner on Mac, and close the pop-up ad using your browser’s controls or your operating system. If you can’t access these controls because the ad has covered them:

  • On Windows: Press Ctrl + Alt + Delete, select Task Manager, find your browser, and click “End Task”
  • On Mac: Click the Apple menu, select “Force Quit,” choose your browser, and click “Force Quit”

Never Call Phone Numbers Displayed in Pop-Ups

No matter how official they look, the chances of these pop-ups being scams are high. Legitimate tech companies will never use pop-up ads to provide support phone numbers.

Never Grant Remote Access to Your Computer 

Do not proceed if the remote access request is coming from an invisible, unknown entity hiding behind a pop-up warning. No legitimate security scan result will ask you to download remote access software or allow someone to control your computer.

Immediate Steps to Take if You Interacted with the Pop-up Ad

If you’ve already engaged with a suspicious pop-up in any way listed below, act quickly:

Contact Your Bank or Credit Card Issuer

If you entered credit card or banking details, call or visit your bank or credit card issuer immediately. Request monitoring of your accounts, consider temporarily freezing your cards or switching to a new one, and file a dispute for any unauthorized charges.

Disconnect From the Internet 

If you mistakenly allowed remote access, disconnect your device from the internet right away, shut it down, and seek professional help. Scammers may have installed malware or accessed sensitive files while they were connected.

Watch for New Apps or Browser Extensions You Didn’t Install

If you clicked on the pop-up ad, this may have downloaded malware into your computer. Check your computer’s application list and your browser’s extensions page. Remove anything unfamiliar.

Change Your Passwords

If you interacted with the pop-up ad in any way, generate a new password right away to minimize the damage. Prioritize creating strong, unique passwords, especially for your banking, email, and other sensitive accounts. 

Turn On Built-In Pop-Up Blocking in Popular Browsers

Because your browser has built-in security features, it is your first line of defense against pop-ups. Follow the steps to activate them:

Google Chrome (Windows, macOS, Android, iOS)

Chrome blocks most pop-ups by default, but you can strengthen its protection:

  • On desktop: Open Chrome and click the three dots in the top-right corner and navigate to Settings > Privacy and security > Site Settings > Pop-ups and redirects. Ensure the toggle is set to “Don’t allow sites to send pop-ups or use redirects.” Also review the “Allowed to send pop-ups and use redirects” section, which lists the sites you’ve allowed to show pop-ups. If you see unfamiliar domains or websites, remove them.
  • On mobile devices: Persistent pop-ups can indicate unwanted software. On Android and iOS, manage Chrome settings under Settings > Site settings > Pop-ups and redirects. In Safari, configure the system-level pop-up blocker by going to iOS Settings > Safari > Block Pop-ups.

Microsoft Edge (Windows & macOS)

Open your Edge browser and click the three dots in the top-right corner. Select Settings > Cookies and site permissions > Pop-ups and redirects. Enabling “Blocked (recommended)” is the safest default setting and should remain enabled unless you have a specific, trusted website that requires pop-ups to function.

Safari (macOS, iPhone, iPad)

On iPhone or iPad, open Settings > Safari and enable “Block Pop-ups.” This single setting protects you across all apps using Safari’s web view.

On Mac, open your Safari browser and click Safari > Settings > Websites > Pop-up Windows. You can set a global policy to “Block and Notify” and create exceptions for specific trusted sites. Safari blocks pop-ups by default while allowing necessary windows like sign-in dialogs on banking sites or legitimate modal windows for web applications.

Other Browsers

Firefox, Brave, Opera, and other browsers also follow similar patterns. Look in Settings > Privacy & Security > Permissions to find pop-up controls. The mental model stays consistent even as specific menu labels vary.

Stopping Pop-Up Ads on Phones

Pop-ups on phones can be even more intrusive than on desktops, interrupting you throughout the day. With a few quick changes in your mobile browser settings, you can stop most of these pop-up ads.

On Android

  • Browser-level: In Chrome for Android, tap the three dots and go to Settings > Site settings > Pop-ups and redirects, and ensure pop-ups are blocked. In the same section, also review Notifications and remove permission for any unfamiliar sites.
  • App permissions: Security guides recommend navigating to Settings > Apps > Permission manager to audit which apps have notification access. Focus on reviewing free, gaming, and wallpaper apps, and anything you don’t remember installing. For each app sending the pop-ups, either revoke its notification permission or uninstall it entirely by going to Settings → Apps, tapping the problematic app, and selecting Uninstall.

Stop Pop-Ups on iPhone and iPad

  • On Safari: Open Settings > Safari → and toggle “Block Pop-ups” on. This setting works system-wide for all apps using Safari’s web view.
  • App-driven ad pop-ups: While less common on iOS due to App Store restrictions, some apps still abuse notification permissions. Go to Settings > Notifications, review which apps have notification access, and either turn off “Allow Notifications” completely or restrict notification styles.

Enable Advanced Defenses

While basic settings can block most pop-ups, some threats can continue to slip through without additional protection. You can create a stronger, layered defense against more persistent attacks by managing notifications, using trusted browser extensions, and adding security software. 

Browser Notifications

You may not realize that the “Allow” buttons you casually clicked months or years ago are the source of your current pop-up problems. Browser notifications appear even when you’re not actively visiting the website, sliding in from your screen’s corner while you’re working on something completely different. Here’s how to audit and clean your notification permissions:

  • In Chrome on desktop: Go to Settings > Privacy and security > Site Settings > Notifications and review each entry. If you don’t recognize a site or no longer want its notifications, click the three dots next to it and select “Remove” or “Block.”
  • In Edge: The process is identical to Chrome. Navigate to Settings > Cookies and site permissions > Notifications, review the allow list, and remove suspicious or unwanted entries.
  • In Safari on Mac: Go to Safari > Settings > Websites > Notifications. You can block sites individually or deny all notification requests by default.

By cleaning your notification permissions, you’re closing one of the most effective distribution channels that scammers usually exploit worldwide.

Security Software

Browser settings are part of your online security foundation, but comprehensive security software adds critical capabilities that browsers alone can’t provide:

  • Anti-phishing and malicious URL blocking: Safe browsing tools such as McAfee WebAdvisor check URLs against continuously updated databases of known malicious sites and block your access before your browser even renders the page.
  • Browser extensions: Also called plug-ins, reputable ad-blocking browser extensions also warn you about risky sites in real time when you click a link in emails, texts, or social media. However, be wary of free extensions as they may inject their own ads, track your browsing history to sell to data brokers, or introduce security vulnerabilities. Stick to well-known, trusted privacy tools with thousands of reviews, and that receive regular updates.
  • Integrated protection across channels: Comprehensive security tools monitor all threat entry points and help catch risks before they escalate into full-blown pop-up attacks or malware installations.

Step-By-Step Action Plan to Lock Down Your Devices

To quickly reduce your risk, a few targeted steps can make a big difference across all your devices. This simple action plan walks you through the most effective changes you can make in just a few minutes.

A Simple Checklist for Home Users

Set aside 15-20 minutes to work through these steps on each of your devices:

  1. Update all browsers and operating systems: The latest security updates will fix newly discovered vulnerabilities that malicious pop-ups might exploit.
  2. Enable pop-up blocking on your browsers: Follow the specific instructions provided earlier for each browser.
  3. Audit and clean notification permissions: In each browser, remove sites you don’t recognize from the notification allow lists. If you can’t remember why a site has notification permission, revoke it.
  4. Review app permissions and remove or restrict suspicious apps: On your mobile phone, focus particularly on recently installed free apps. Uninstall the apps that serve primarily to push advertisements.
  5. Install a reputable security suite and browser extension: To help block phishing and malicious sites and provide real-time threat detection across devices, these security tools provide comprehensive coverage.
  6. Educate family members, especially older relatives: Spend time teaching them about tech support pop-up ad scams. Remind them to never call numbers in these ads, never grant remote access to their computer, and always close suspicious pop-ups using their browser’s close button or Force Quit/Task Manager.

For Remote Workers

If you manage a home-based business or work remotely:

  • Standardize your browser and notification settings: Ensure that you follow the settings recommended by your employer across all your devices. Create a document with screenshots showing the proper configuration for each browser and platform you use.
  • Use centralized security solutions. Many comprehensive security tools scale for teams to block malicious domains and pop-up-heavy scam pages at the network level to protect multiple devices.
  • Train to recognize fake pop-ups: This is key if you perform a role that accesses sensitive systems. A 10-minute training session covering the red flags discussed in this article can dramatically reduce your risk exposure.

When to Seek Professional Help

If pop-ups continue to disrupt your online activity after following browser and OS-level steps, it’s possible that unwanted software may have been installed at the system level. Particularly if you unwittingly granted a scammer remote access during a scam, you should assume serious compromise and consider professional support.

When reaching out to your trusted security provider, use their official vendor channels. Never call phone numbers found through general web searches. Warning signs that necessitate professional help include pop-ups that reappear immediately after you remove notification permissions, browser extensions or applications that reinstall themselves, or unusual system behavior such as slow performance or unexplained network activity.

Final Thoughts

Simple changes in your browser settings, a careful review of app permissions on your devices, cautious evaluation of pop-ups before you click, and good security tools work together to drastically lower your risk. You can simply follow the checklist in this article, implemented across your devices, to block the vast majority of pop-ups before they appear and help you safely handle the few that slip through.

Security experts recommend spending 15-20 minutes walking through your current setup before a scam pop-up tests your defenses under pressure. Walk through the steps on your computer, then your phone, and then help a family member do the same. The time invested today prevents months of remediation work and potential financial losses that come from clicking one convincing pop-up at the wrong moment.

Instead of trying to become a cybersecurity expert to defeat pop-up scams, it’s more important to increase your awareness, establish simple precautions, and develop the mindset that every pop-up deserves two seconds of scrutiny before you click.