GeoEdge Uncovers Sophisticated Tech Support Scam

Tech Support Scams Come in Many Forms And The Latest One is Freezing Your Browser 

 

Well, what does a typical tech support scam look like?

Basically, you see an ad, you click on it, and your browser is hijacked by the scammer until you call a number, pay them money and they remotely ‘unfreeze’ your activity.

These scams mostly target Windows users, with the scammers claiming to be Microsoft’s tech support.

We have encountered a new scam that tricks the user into buying a fake product and gives scammers complete access to the user’s computer or device. The scammer then uses social engineering on the user, planting false signs of malicious activity on the machine or convincing them to acquire the product being sold, usually antivirus software.

 

Let’s take a look into how this one looks and works:

Here we can see a few screenshots of the complete Landing page


The Landing Page is FULL of scare tactics!

Once the landing page loads, it ‘locks’ the user’s browser and does not allow them to close the page or leave it, not even by killing the browser through Task Manager on their Windows machine.

This is How They Do It

 

 

The landing page goes into full-screen mode and places the image shown above at the top of the page. This is what makes users believe they are on a legitimate Microsoft.com domain.

Now let’s get into the code to see how they actually lock the user’s browser. In the piece of code below, we can see the functions the attacker uses to slow the browser down until it stops responding; in other words, this is how the attacker “locks” the browser.

 

They do this by pushing a large number of new pages into the browser’s history. See the code below for further reference:


Regular users are not savvy enough to know how to get past this attack and kill all the processes being generated on their machine in order to ‘unlock’ their browser.

In a panic, they call the Tech Support Center, give remote access to the scammers and are forced to pay a fee!

Since the attackers are already inside the user’s machine, they go on to mislead the user into buying a product or service they don’t really need, committing further offenses against these users.
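For teams scanning ad landing pages, the history flooding described above can be caught at runtime by wrapping `pushState` and counting calls per time window. The following is an added example, not code from the original post or from GeoEdge. The function names, the 20-calls-per-second threshold and the fake history object are assumptions made so it runs under Node; in a browser sandbox you would pass `window.history` instead.

```javascript
// Added example: detect and stop a history.pushState flood.
// The default threshold (20 calls per 1000 ms) is an assumption; tune it for your pages.
function installHistoryFloodGuard(historyObj, opts = {}) {
  const maxCalls = opts.maxCalls ?? 20;
  const windowMs = opts.windowMs ?? 1000;
  const now = opts.now ?? (() => Date.now());
  const onFlood = opts.onFlood ?? (() => {});
  const original = historyObj.pushState.bind(historyObj);
  const recent = [];                       // timestamps of allowed calls inside the window
  const stats = { allowed: 0, blocked: 0, tripped: false };

  historyObj.pushState = function (...args) {
    const t = now();
    // Drop timestamps that have aged out of the sliding window.
    while (recent.length && t - recent[0] >= windowMs) recent.shift();
    if (!stats.tripped && recent.length >= maxCalls) {
      stats.tripped = true;                // latch: once a flood is seen, stay closed
      onFlood({ at: t, callsInWindow: recent.length });
    }
    if (stats.tripped) { stats.blocked++; return; }
    recent.push(t);
    stats.allowed++;
    return original(...args);
  };
  return stats;
}

// Constructed stand-in for window.history so the example runs offline.
function makeFakeHistory() {
  return { length: 1, pushState(_state, _title, _url) { this.length++; } };
}

// Constructed scenario: a page script calls pushState `calls` times, `stepMs` apart.
function simulate(calls, stepMs) {
  let clock = 0;
  const alerts = [];
  const fake = makeFakeHistory();
  const stats = installHistoryFloodGuard(fake, {
    now: () => clock,
    onFlood: (info) => alerts.push(info),
  });
  for (let i = 0; i < calls; i++) {
    fake.pushState({}, '', '/page-' + i);
    clock += stepMs;
  }
  return { entries: fake.length, alerts: alerts.length, ...stats };
}
```

The `onFlood` callback is where a scanner would record the landing page URL and flag the creative for review.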

 

It’s important to always keep your guard up: you never know when malicious actors can strike.

 


Alisha is a Technology Writer and Marketing Manager at GeoEdge. Her writing focuses on current events in the AdTech ecosystem and cyberattacks served through the digital advertising supply chain. You can find Alisha on LinkedIn to discuss brand building and happenings in AdTech.