I'm sorry to ask such a basic question, but I'm helping my parents who have a Mac remotely, and I'm neither familiar with this system nor at home.
You received a fake order confirmation email and my father clicked the button to cancel the order. This opened another tab that claimed a security issue and downloaded several files. You couldn't close the tab.
First I told them to Shift-restart Safari so that the tabs would not be restored.
Second, they checked and deleted the download list (unfortunately before taking the photo I requested).
Now I'm not sure if the files are still on the computer. A number of sources, including https://support.apple.com/en-gb/guide/safari/sfri40598/mac, assume that deleting the download list will delete it, but I'm looking for a positive confirmation. Could someone familiar with OSX / Safari confirm this?
My mother told me that she couldn't find a folder called "Downloads" (or its localized version). Could it be that the folder is hidden when empty?
If there is such a folder: What is the safest way to empty the Downloads folder without risking opening one of the files? Remember I have to explain the procedure on the phone.
I don't think anything worse has happened. This looked like a scam that required them to call a phone number that would have asked them to pay for "technical support."
Thanks in advance.