"Your tablet has 91 viruses!" — anatomy of the fake alert that preys on parents and grandparents

This week my mum sent me a photo of her tablet: a red banner with a Google logo across the screen announcing "Your account has been banned". The text continues: her Google Play account will allegedly be suspended today for violating the rules, and 91 viruses attacking the device have been detected. Below, two buttons: a grey "ignore" and a big blue "Yes" next to "Would you like a free cleaning?".

The good news: the tablet is perfectly fine. The bad news: this exact page terrifies thousands of people every day — and some of them tap. Let's dissect how this classic piece of scareware works and why every pixel of it is a lie.

What actually happened

None of what the page claims. My mum opened some ordinary website in the browser — recipes, news, anything — which carried an aggressive ad or a redirect. That's all. No scan ran, no virus was found, no account is blocked. The red page is not the result of an attack — it IS the attack. It's an ordinary web page dressed up as a system warning.

This scam is, incidentally, a close relative of the "fake browser updates" I dissect in my ebook Cyber Self-Defence in the AI Era — the principle is identical: imitate a system message and force a click.

Why every element is a lie: an autopsy of the scam

• "Your account has been banned" + "will be suspended today": classic manufacturing of panic and time pressure. The real Google doesn't block accounts with a red banner and a countdown — and it certainly doesn't tell you about it on a third-party web page.
• "(91) viruses detected": a web page in a browser technically cannot scan your device. It has no access to your files or apps. The suspiciously precise number (91 — elsewhere 13, 39, 5…) is generated at random; it exists to sound credible.
• The Google logo and colours: anyone can copy a logo. Branding on a page proves nothing — what matters is the address in the address bar, and it has nothing to do with Google.
• Broken language: odd phrasing, machine-translated word order. AI can write flawless scams nowadays (more in my ebook), but mass scareware campaigns are still machine-translated into dozens of languages at once.
• Two buttons, both a trap: the big blue "Yes" is obviously the target. But beware — on a fraudulent page, any button, including "ignore" or the close cross, can be the next step of the scam. On a page like this, you simply don't tap anywhere.

What happens if you tap "Yes"

Depending on the campaign, one of these — none of them good:

• Installation of a fake "cleaner" app. It floods the device with ads, demands absurd permissions, or — the most common model — "finds" further imaginary threats and offers a paid subscription of several euros a month for cleaning nothing.
• A request for notification permission. The page asks to show notifications — and then delivers fake "virus alerts" straight to your notification bar for weeks afterwards.
• Payment card phishing. The "free cleaning" suddenly requires a card "for verification". A classic (see the article on modern forms of phishing).
• In the worse case, the download of genuinely malicious software outside the official store (an APK) that really does compromise the device.

What to do when such a page appears

• Tap nothing on the page. Not Yes, not ignore, not the cross.
• Close the entire browser (recent apps overview → swipe it away). If the page "resists" closing its tab, killing the whole app does the trick.
• Clear the browser data: history, cache and above all site notifications and permissions (browser Settings → Site settings → Notifications — remove anything suspicious).
• Check the installed apps. Anything unfamiliar named "Cleaner", "Booster" or "Security" installed recently → uninstall.
• Run Google Play Protect (Play Store → profile → Play Protect → Scan) — a real scan, from the real Google, free of charge.
• If a card was entered: block the card immediately in the banking app and call the bank. If a "subscription" was taken out: check the subscriptions in Google Play and at the bank, and cancel.

How to protect parents and grandparents going forward

• Teach them a single sentence: "No page on the internet can find viruses on your tablet. If anything like that pops up, it's always a scam — close the browser and call me."
• The golden rule from my ebook applies here too: if something is pressuring you, CLOSE IT. Time pressure ("today!") is the scammer's most reliable signature.
• Enable Play Protect and automatic updates, and disable app installs from unknown sources.
• Consider ad blocking at browser or DNS level — the vast majority of these pages arrive through the ad networks of dubious websites.
• More defensive habits for the whole family — from fake updates to cloned-voice scams — are free in my ebook Cyber Self-Defence in the AI Era.

Conclusion

Scareware is a scam built on a single emotion: fear. It doesn't need to break any security — it only needs a frightened person to "save themselves" with a tap. Remember: a genuine security warning never arrives as a web page with a countdown and a Yes button. And if a screen like this pops up on your parents' device, you now know what to tell them: tap nothing, close the browser — the tablet is fine.

Sources and useful links:

• Google Play Protect — Android's official protection: support.google.com
• How Google really handles fraudulent warnings: support.google.com/websearch
• Managing site notifications in Chrome: support.google.com/chrome