You are very right. Yesterday I was helping a user who ran into a popup window that said his computer was infected with malware, and to call Microsoft support, etc. And therein is the real REAL problem. Believing this can only happen to those people.
I've seen these malware installers on all kinds of sites that "normal" people would not likely say are "weird". The most prevalent (currently) seem to be sites that offer PDF manuals or books. The bad guys have figured out that people often go searching for manuals and books online, and, apparently, people go searching for manuals and books online quite a lot! It is the new "pirating a movie", methinks. So… is it "weird" that you're downloading a Kubota tractor maintenance manual off a website with a .ru TLD? To me? Yeah. To you, Amazing Iceman? Probably. But to my 75-year-old father? He searched, they had it, why not download it? Oh, and it is in a DMG… that if he double-clicks on it, it opens and tells him he needs to install Adobe Acrobat to open the manual and helpfully offers to do that? That's "computer", so he does. You or I… no… we know better. But it isn't weird at all to him. And that's the level we're dealing with.
Guess what, dear Dad lost his $3000 27" iMac account Admin privileges. He can't install anything now. But Apple is still making every default first log-on user with Admin privileges!
Have any of you tried to operate a Mac recently with only Standard User privileges?
(Here's a hint: go download Privileges by SAP; it is a nice app to have in the arsenal.)
This user was not in a 'weird' site. I checked his history and found nothing dubious.
Next, using that information, I tried to find the source of that popup using my Windows VM.
Surprise! I found it in one of the video article links of MSN, which is part of the default Windows 10 browser home page.
I attached it below... Now... how in the world could a regular user know what to do here?
Notice the password prompt, ready to steal the user's password. And the user may be willing to enter it, especially in a business environment, due to guilt at having infected the computer and trying to prevent a superior from finding out about it.
If this happens to a family member, it would depend on how approachable we are to assist them.
Do we happily help or get annoyed by their calls?
Because most of these popups are embedded into fake Ad Banners, one thing that may help quite a lot is to use an Ad Blocker, such as AdGuard. But educating the user is the most effective solution.
Now look at the attachment, and tell me how effective it is...