Cybercriminals know that the best way to get their claws on the next victim is to appeal to their emotions, not logic.
There's lots of scary things in life, and one is learning that your computer has been infected with a virus. If this happens, you're now vulnerable to spending money on getting rid of the malware. The tactic of scaring users is called scareware.
Here's another way the scam can unfold, from someone who wrote to me:
"I was notified by a notice supposedly from Windows Security that my PC has been attacked. They claim that all my PC ID numbers were stolen and that Russia had got about 8-12 other IDs. They took control of my computer and said they scanned it to find this out. They claimed the only way that I could clear this problem was to have them clear it for $199.99 and security for 1year (sic) for $149.99. They said the only way to accomplish this was by check. They said it couldn't be done by credit card because them (sic) numbers would be stolen too. I refused to go along with that plan and closed them out.
P.S. I checked my account and it is paid thru 6/2016. How do I know if I get a notice from Windows that it is legit?"
All windows notifications come via Windows Update. That "pop-up" emanates via your notifications area on your taskbar and NOT a popup via your browser. What a mess.