From a different device (her phone), she changed her email, banking, and social media passwords. The scam pop-up hadn’t stolen anything yet, but the hijacker could have logged keystrokes.
The afternoon sun slanted through the blinds as Sarah, a graphic designer working from home, clicked a link in what she thought was an email from a client. Instantly, her screen flickered. A deep, robotic voice boomed from her speakers:
She turned Wi-Fi back on, downloaded Malwarebytes (free version) from a legitimate site, and ran a full scan. It found two adware extensions and one “browser hijacker”—the culprit that had redirected her from the client’s fake email.
By dinner, her computer was clean. The only lasting damage was a new rule: she never, ever called a number on a pop-up. Instead, she told her mom, her neighbor, and her book club: “If a screen screams at you, don’t scream back. Just kill the power, kill the internet, and kill the cache.”
When she rebooted, she immediately pulled the Ethernet cable and turned off Wi-Fi (Settings > Network > Off). Scam pop-ups often reload from a cached page or a malicious redirect—no internet, no reload.
The scam pop-up never returned. But Sarah’s confidence in handling it? That stayed forever.
