In the ever-evolving world of cybersecurity, deceptive tactics are becoming more sophisticated. One such deceptive tactic is the “Abnormal Network Traffic On This Device” alert. This is a Phishing Scam, and you should not trust it.

The “Abnormal Network Traffic On This Device” Scam: An Introduction

Researchers have stumbled upon a malicious setup promoting the “Abnormal Network Traffic On This Device” scam during their usual surveillance of suspicious websites. It’s essential to note that the setup also recommended a browser hijacker called CovidDash, along with a flurry of other dubious applications.

The scam unfolds when the malicious file is run, presenting a pop-up window designed to look like an alert from Microsoft. The phony warning claims that the user’s device has been disconnected from the network due to suspicious network traffic. The scam’s primary goal is to coax victims into visiting a phishing website.

Detailed Breakdown of the Scam

The scam begins when a malicious setup is run on the test system, resulting in a scam pop-up window. The message is disguised as a warning from Microsoft, claiming that suspicious network traffic has been detected on the user’s device. As a safety measure, the device has supposedly been disconnected from the network.

Interestingly, the installer responsible for delivering this pop-up does disconnect the computer from the Internet – an unusual move as most scam messages are false. It’s likely that this is a strategy by the cybercriminals to prevent users from accessing the web and downloading antivirus software that could remove the scam.

The message then instructs the user to scan a provided QR code for identity verification and network restoration. When the QR code is scanned, it redirects the user to a rogue website.

The disconnection of the Internet on the infected machine shouldn’t result in significant losses for the cybercriminals since most users scan QR codes using mobile devices.

The Next Step of the Scam

Once the rogue website is accessed, it presents a form disguised as Microsoft, asking users to provide their personally identifiable and credit card information. This includes fields for the cardholder’s name, credit card number, expiry date, CVV, addresses, and phone number.

Providing the requested information to the phishing website would inadvertently disclose it to the scammers. This data could then be exploited to steal the victims’ identities and make fraudulent transactions and online purchases.

If you have already given your private data to this scam, contacting the appropriate authorities immediately is crucial.

It’s worth mentioning that the fake pop-up could be used to promote a different malicious site. Always remember that all claims made by the “Abnormal Network Traffic On This Device” scam are fake, and they’re in no way associated with the real Microsoft Corporation.

In a nutshell, falling for a scam like this can lead to system infections, severe privacy issues, financial losses, and identity theft.

Threat Summary

Name “Abnormal Network Traffic On This Device” pop-up
Threat Type Phishing, Scam, Social Engineering, Fraud
Fake Claim Abnormal activity was detected on user’s device network – hence, it was disconnected.
Disguise Microsoft
Rogue process name Windows host process (Rundll32) [process name may vary]
Related Domains[.]com, pcrrent[.]com
Serving IP Address ([.]com)
Symptoms Fake error messages, fake system warnings, pop-up errors.
Damage Loss of sensitive private information, monetary loss, identity theft, possible malware infections.

Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using SpuHunter.

Recommended Antispam tool:

Download SpyHunter
The product is full-featured, and you have to purchase a license for SpyHunter. There is a 7-days free trial available.

Similar Scam Examples

We have analyzed thousands of scams; “To Complete The Update, Install The Critical Security Update”, “McAfee – A Virus Has Been Found On Your PC!”, “Critical Threat Detected: Adware App”, “Ads.financetrack(1).exe”, and “Avira Security pop-up scam” are just a few examples of ones using claims about fake issues detected on users’ devices.

The Internet is full of deceptive and malicious content. Various false claims are used to gain and subsequently abuse users’ trust. Common scam models include device infections, system threats, bogus updates, hoax lotteries/giveaways, and so forth.

Regardless of what a scam warns about or promises – its ultimate goal is to generate revenue at victims’ expense.

How Did I Encounter the Scam?

At the time of research, the “Abnormal Network Traffic On This Device” scam was promoted through a malicious installer. After it was launched, a deceptive pop-up window was displayed. The scam then progressed by instructing the user to scan the provided QR code, which redirected to a phishing site.

However, scam websites are endorsed using various techniques. These pages can be accessed via redirects caused by sites that use rogue advertising networks, either upon initial access or when hosted content is clicked (e.g., buttons, links, text input fields, ads, etc.).

Spam browser notifications and intrusive advertisements also promote online scams. Additionally, mistyping a website’s URL can result in a redirect (or a redirection chain leading) to a deceptive page. Adware also promotes scams by displaying misleading ads or force-opening sites that run this content.

How to Avoid Online Scams?

We strongly recommend downloading only from official and verified channels. Also, approach installation processes with caution, e.g., by reading terms, exploring potential options, using the “Custom/Advanced” settings, and opting out of all supplements (apps, extensions, tools, etc.) to avoid allowing bundled/harmful content into the system.

Another recommendation is to be vigilant when browsing since fake and malicious online content usually appears legitimate and harmless. For example, intrusive ads may look ordinary yet redirect to unreliable/suspicious websites (e.g., scam-promoting, gambling, pornography, adult dating, etc.).

We advise against using sites that offer pirated software/media or other questionable services (e.g., Torrenting, illegal streaming/downloading, etc.) since they typically employ rogue advertising networks.

Pay attention to URLs and enter them with care. To avoid receiving unwanted/deceptive browser notifications, do not permit dubious webpages to deliver them (i.e., do not click “Allow”, “Allow Notifications”, etc.). Instead, ignore or deny notification requests from such pages (i.e., select “Block”, “Block Notifications”, etc.).

If your computer is already infected, we recommend running a scan with SpyHunter for Windows to automatically eliminate all threats.

Text presented in the Scam Pop-up


We have detected abnormal network traffic on this device. To protect your safety, we have disconnected the network of this device, to restore the network of this device, please scan the QR code below to verify your identity and enter the confirmation code to confirm your identity and restore the network.

Appearance of the Scam

This is a screenshot of the “Appearance of Abnormal Network Traffic On This Device” pop-up scam’s process [Windows host process (Rundll32)] in Windows Task Manager:

This is a screenshot of a deceptive website promoting the malicious installer:

To restore the Internet connection, users have to perform the following steps:

  1. Go to Settings
  2. Click “Network & Internet”
  3. Select “Advanced network settings”
  4. Disable and re-enable the Ethernet device


Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. SpyHunter is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:

Download SpyHunter

By downloading any software listed on this website, you agree to our Privacy Policy and Terms of Use. To use the full-featured product, you have to purchase a license for SpyHunter. A 7-days free trial is available.

Quick Menu

  • What is the “Abnormal Network Traffic On This Device” pop-up?
  • How to identify a pop-up scam?
  • How do pop-up scams work?
  • How to remove fake pop-ups?
  • How to prevent fake pop-ups?
  • What to do if you fell for a pop-up scam?

Identifying a Pop-up Scam

Pop-up windows with various fake messages are a typical lure that cybercriminals use. They’re designed to collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, and so on.

Although cybercriminals strive to make these rogue pop-up windows appear trustworthy, scams typically have the following characteristics:

  • Spelling mistakes and non-professional images – Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
  • Sense of urgency – A countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
  • Claims that you won something – If you haven’t participated in a lottery, online competition, etc., and you see a pop-up window stating that you’ve won something.
  • Computer or mobile device scan – A pop-up window that scans your device and informs you of detected issues is undoubtedly a scam; webpages cannot perform such actions.
  • Exclusivity – Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Understanding How Pop-up Scams Work

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on the user’s location and device information, they’re presented with a scam pop-up. The lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

Removing Fake Pop-ups

In most cases, pop-up scams don’t infect users’ devices with malware. If you encounter a scam pop-up, simply closing it should be enough. In some cases, scam pop-ups may be hard to close; in such cases, close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

Preventing Fake Pop-ups

To prevent seeing pop-up scams, you should only visit reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other similar reputation websites commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, keep your Internet browsers up-to-date and use a reputable anti-malware application. For this purpose, we recommend SpyHunter Antivirus for Windows.

What to Do If You Fell for a Pop-up Scam

The appropriate action depends on the type of scam that you fell for. Most commonly, pop-up scams trick users into sending money, providing personal information, or giving access to their device.

  • If you sent money to scammers: Contact your financial institution and explain that you were scammed. If informed promptly, there’s a chance to get your money back.
  • If you gave away your personal information: Change your passwords and enable two-factor authentication in all online services that you use. Visit the Federal Trade Commission to report identity theft and get personalized recovery steps.
  • If you let scammers connect to your device: Scan your computer with a reputable anti-malware (we recommend SpyHunter for Windows) – cyber criminals could have planted trojans, keyloggers, and other malware, don’t use your computer until removing possible threats.
  • Help other Internet users: Report Internet scams to the Federal Trade Commission.

Frequently Asked Questions (FAQ)

What is a pop-up scam?

Basically, pop-up scams are deceptive messages intended to trick users into performing specific actions. For example, victims can be enticed/scared into providing private data, making monetary transactions, calling fake support lines, allowing cyber criminals to remotely access devices, downloading/installing software, purchasing products, subscribing to services, etc.

What is the purpose of a pop-up scam?

Pop-up scams are designed to generate revenue for cyber criminals. Scammers primarily profit by obtaining funds through deception, abusing or selling sensitive information, promoting content, and proliferating malware.

I have provided my personal information when tricked by a scam, what should I do?

If you have disclosed your personal-identifiable or finance-related information (e.g., ID card details, passport scans/photos, credit card numbers, etc.) – immediately contact the corresponding authorities. And if you’ve provided your account credentials – change the password of all potentially exposed accounts and inform their official support without delay.

Why do I encounter fake pop-ups?

The “Abnormal Network Traffic On This Device” scam has been observed being promoted through a malicious setup. However, scams are endorsed using various techniques. Deceptive websites are most commonly accessed via redirects caused by pages that use rogue advertising networks, misspelled URLs, spam browser notifications, intrusive ads, or installed adware.

Will SpuHunter protect me from pop-up scams?

SpuHunter is designed to detect and eliminate threats. It can scan devices and remove unwanted/malicious content (i.e., adware, browser hijackers, malware, etc.). Additionally, SpuHunter is capable of scanning visited websites and issuing alerts if they are found to be suspicious/malicious. Hence, should you enter such a page – you will be warned immediately, and further access to it will be blocked.


In conclusion, it’s crucial to stay vigilant while browsing the internet. The “Abnormal Network Traffic On This Device” scam is a perfect example of how cybercriminals can trick even the most vigilant users. Always remember to verify the source of any pop-up or alert, and never give out your personal information without making sure of the legitimacy of the request. Be safe!

Leave a Reply

Your email address will not be published. Required fields are marked *