Tech support scams delivered as phishing pages, with fake alerts urging you to call for immediate assistance, are commonplace these days. We collect hundreds of such URLs each day and have observed countless tricks to fool users. In this post we examine a couple of sneaky techniques targeting Google Chrome users.
The fake address bar
This is an interesting one because for years we have been telling people to double check the URL in the address bar to know if a website is really what it claims to be. When this scam page loads it runs in full-screen mode and prevents the user from easily closing it with an infinite loop of alerts.
Now take a look at the address bar. For all intents and purposes it does look like the legitimate Microsoft website, although the ‘ru-ru’ (Russia) portion of the URL is a fail in an otherwise clever design. (There are other bits of Russian here and there in the source code, which perhaps link to the original author?)
Let’s have a look under the hood to find out exactly how they are pulling this one off. We notice that the address bar is nothing but a JPEG picture that is placed at the right spot to look like an actual address bar when the page is loaded in full-screen mode. To make matters more confusing, this particular scam is hosted on Amazon, and the Amazon URL is the one shown in the genuine address bar.
The fake alert dialog
A nifty feature in Google Chrome is the “Prevent this page from displaying additional dialogs” option, particularly useful when certain websites ask you “Are you sure you want to leave this page?” followed by “Are you really, truly sure you want to do it?” and then some.
Tech support scams have similar alert windows except we found some that are completely made up. Putting a checkmark and clicking OK actually produces the opposite result of what you’d expect, to keep you more frustrated and ready to throw your computer out the window.
We almost mistook that one for a real alert dialog, except that they got the spelling wrong (at least in American English) and typically a ‘dialogue’ is a conversation between people, nothing to do with a ‘dialog box’. Below is the real dialog from Google Chrome:
Note the additional trick that the scammers added though: “Press ESC, to close this page!” A couple of things wrong with this: first, the grammar is incorrect as you would not put a comma in the middle of that sentence. Also, this is not a Google notification. Only the Prevent message and the OK buttons are legit. The ruse is to have people press the escape key instead of placing a check mark and clicking OK, leading to another round of fake alerts and more frustration.
It’s safe to say that browser-based tech support scams are not going anywhere any time soon. Sadly, most browsers are brought to their knees with simple bits of JavaScript, and non-savvy users will simply give up and call the toll-free number for assistance (we forgot to mention that all this while a very annoying audio track plays in the background).
Call centres located in India (for the most part) are receiving thousands of calls each day from desperate victims primed to be defrauded of hundreds of dollars by rogue operators playing the Microsoft technician game.
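For triaging collected URLs, the traits described above (an image pinned where the address bar should be, a full-screen request, an alert loop, an ESC hook, looping audio, and browser dialog wording inside page markup) can be scored statically. The following is an added example, not code from this post or from any product; the indicator names, weights, threshold and both sample pages are assumptions constructed for illustration.

```javascript
// Added example: static heuristics for the browser-locker traits in this post.
// Indicator names, weights and THRESHOLD are assumptions, not vendor rules.
const THRESHOLD = 5;
const INDICATORS = [
  // An <img> pinned to the top of the viewport via inline style (fake address bar).
  { id: 'pinned-top-image', weight: 2,
    re: /<img\b(?=[^>]*position\s*:\s*(?:fixed|absolute))(?=[^>]*[\s;"']top\s*:\s*0)[^>]*>/i },
  // Any Fullscreen API request, including vendor-prefixed variants.
  { id: 'fullscreen-request', weight: 2,
    re: /\b(?:webkit|moz|ms)?requestfullscreen\s*\(/i },
  // alert() inside an unbounded loop or a repeating timer.
  { id: 'alert-loop', weight: 3,
    re: /(?:while\s*\(\s*(?:true|1)\s*\)|for\s*\(\s*;\s*;\s*\)|setInterval\s*\()[^}]{0,200}?\balert\s*\(/ },
  // Key handler that special-cases Escape.
  { id: 'esc-key-hook', weight: 2,
    re: /(?:keyCode|which)\s*={2,3}\s*27\b|\bkey\s*={2,3}\s*['"]Esc(?:ape)?['"]/ },
  // Looping audio that starts without user action.
  { id: 'autoplay-loop-audio', weight: 1,
    re: /<audio\b(?=[^>]*\bautoplay\b)(?=[^>]*\bloop\b)[^>]*>/i },
  // Browser UI wording has no reason to appear in page markup.
  { id: 'browser-dialog-text', weight: 2,
    re: /prevent this page from (?:creating|displaying) additional dialog/i },
];

// Returns the total weight, the matched indicator ids and a verdict.
function scorePage(html) {
  const hits = INDICATORS.filter((ind) => ind.re.test(html));
  const score = hits.reduce((sum, ind) => sum + ind.weight, 0);
  return { score, hits: hits.map((ind) => ind.id), suspicious: score >= THRESHOLD };
}

// Constructed samples (not captured from a real page).
const SAMPLE_LOCKER = `
<img src="bar.jpg" style="position:fixed; top:0; left:0; width:100%">
<audio src="warning.mp3" autoplay loop></audio>
<div><input type="checkbox"> Prevent this page from creating additional dialogues.</div>
<script>
document.documentElement.webkitRequestFullScreen();
document.onkeydown = function (e) { if (e.keyCode == 27) { nag(); } };
function nag() { while (true) { alert("..."); } }
</script>`;
const SAMPLE_VIDEO_SITE = `
<img src="logo.png" style="float:left">
<script>document.getElementById("player").requestFullscreen();</script>`;

console.log(scorePage(SAMPLE_LOCKER));      // all six indicators, flagged
console.log(scorePage(SAMPLE_VIDEO_SITE));  // fullscreen only, below threshold
```

A single indicator such as a full-screen request is normal on video sites, which is why the verdict depends on the combined score; the regexes only see inline styles and unobfuscated script, so a rendered-DOM check is needed for pages that build these elements dynamically.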
Spotting those scams isn’t always easy though and that is why it’s important to expose them to show their inner workings. To learn more about tech support scams and consult our blacklist of known offenders, please check out our resource page here.
Just cured one of these today …. with Malwarebytes.
A NEW KIND OF “YOUR COMPUTER IS BLOCKED” SCAM?
December 1, 2017
This one hit really hard. My father called me in my office: “Your Computer Is Blocked” message popped up on the screen of his desktop, and the entire screen appeared irresponsive, no matter where he clicked. I could not see the screen of his display and cannot tell if there was a clickable button next to “Prevent this page from creating additional …”.
He ran MS Internet Explorer under Windows7 32-Pro, in a limited user account (no Administrator’s rights). I advised to shut down the computer with “Power” button, wait 5 min., then turn it on. He did that, with a real bad result.
His computer booted as usual, but the internet connection was completely disabled. MS Internet Explorer and Chrome could not connect to the internet. I tried to fix the problem from Control Panel, “Networks And Sharing Center”, and it seemed to work each time for a few seconds; then internet connection was lost again. I tried the standard procedure “Turn power off on cable box, router and computer, then turn on first the box, wait until connected to server, then router, wait until connected, then computer…”. It ultimately did not help.
Since internet was unavailable, I have downloaded AdwCleaner on my own PC, also Win 7, brought it to the damaged computer on a flash, installed it (it seems, it tried but failed to “update the database” – internet connection was missing). AdwCleaner ran and found nothing. Then, it turned out that Malwarebytes could not be installed for the same reason: the installation required internet connection, which was not available. Could anyone suggest a cure?
Can you reach out to our support team: https://support.malwarebytes.com They will have you sorted out quickly.