GeoEdge Uncovers Sophisticated Tech Support Scam
Tech Support Scams Come in Many Forms And The Latest One is Freezing Your Browser
Well, what does a typical tech support scam look like?
Basically, you see an ad, you click on it, and your browser is hijacked by the scammer until you call a number, pay them money and they remotely ‘unfreeze’ your activity.
These scams are mostly targeted at Windows users, with the scammers claiming to be Microsoft’s tech support.
We have encountered a new scam that tricks the user into buying a fake product and gives scammers complete access to the user’s computer or device. With that access, the scammer can ‘social engineer’ the user, plant false evidence of malicious activity on the machine, or convince the user to acquire the product they are selling, usually antivirus software.
Let’s take a look at how this one looks and works:
Here we can see a few screenshots of the complete Landing Page.
The Landing Page is FULL of scare tactics!
Once the Landing Page loads, it ‘locks’ the user’s browser and does not allow them to close the page or leave it, not even by killing the browser through Task Manager on their Windows machine.
This is How They Do It
The Landing Page goes into full-screen mode and puts the image you see above at the top of the page. This is what makes users believe they are on a legitimate Microsoft.com domain.
Now let’s get into the code to see how they actually lock the user’s browser. In the piece of code below, we can see the functions the attacker uses to make the browser slow down or stop responding; in other words, this is how the attacker “locks” the browser.
They can do this by pushing a lot of new pages into the history of the browser. Please see code below for further reference:
Regular users are not savvy enough to know how to get past this attack and kill all the processes that are being generated on their machine to ‘unlock’ their browser.
In a panic, they call the Tech Support Center, give remote access to the scammers and are forced to pay a fee!
Since the attacker is already inside their machines, they end up misleading the users into buying a product/service they don’t really need, hence committing more offenses against these types of users.
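On the defensive side, the history-flooding lock described above can be capped by rate-limiting History API calls. The following is an added example, not code from the scam page or from GeoEdge: `guardHistory`, its options and the fake history object are illustrative names, and it assumes the flood goes through `pushState`/`replaceState` and that the guard is installed before the hostile script runs.

```javascript
// Added example: caps History API calls per time window on a History-like object.
// guardHistory and its option names are illustrative, not a browser or library API.
function guardHistory(historyObj, opts = {}) {
  const { maxCalls = 20, windowMs = 1000, now = Date.now, onFlood = () => {} } = opts;
  const stats = { allowed: 0, blocked: 0 };
  let stamps = []; // timestamps of calls allowed inside the current window
  for (const name of ["pushState", "replaceState"]) {
    const original = historyObj[name].bind(historyObj);
    historyObj[name] = function (...args) {
      const t = now();
      stamps = stamps.filter((s) => t - s < windowMs);
      if (stamps.length >= maxCalls) {
        // Over budget: drop the call so the session history cannot be stuffed.
        stats.blocked += 1;
        if (stats.blocked === 1) onFlood({ method: name, at: t });
        return undefined;
      }
      stamps.push(t);
      stats.allowed += 1;
      return original(...args);
    };
  }
  return stats;
}

// Constructed stand-in for window.history so the example runs outside a browser.
function makeFakeHistory() {
  const entries = [];
  return {
    entries,
    pushState(state, title, url) { entries.push(url); },
    replaceState(state, title, url) { entries[Math.max(entries.length - 1, 0)] = url; },
  };
}

// Constructed scenario: a burst of 5000 pushes, then one normal navigation later.
function demo() {
  let clock = 0;
  const fake = makeFakeHistory();
  const alerts = [];
  const stats = guardHistory(fake, { now: () => clock, onFlood: (e) => alerts.push(e) });
  for (let i = 0; i < 5000; i++) fake.pushState(null, "", "/entry-" + i);
  clock = 5000; // five seconds later the window has emptied
  fake.pushState(null, "", "/article");
  return { entries: fake.entries.length, allowed: stats.allowed, blocked: stats.blocked, alerts };
}

console.log(demo());
```

In a page, the same wrapper would be applied to `window.history` in the frame that loads third-party creatives, with `onFlood` wired to whatever reporting the publisher already uses.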
It’s important to always keep your guard up: you never know when malicious actors can strike.