Don't Touch That Dial...
A new variation of the “tech support” scam is on the loose. What makes this one noteworthy is that it exploits a bug in the Google Chrome browser that has gone unpatched since its discovery in 2014. Here's what you need to know...
Beware the Chrome Bug Scam
The bug enables bad actors to inject millions of website addresses into Chrome’s browser history. That flood consumes a huge amount of the system’s resources, causing it to freeze up, but not before the browser displays a fake “Microsoft security alert” screen like the one shown below.
As in other similar ploys that are making the rounds, the scammers hope a victim will call the phone number on that screen, so that he can be talked out of his credit card number and other personal information. The “tech support rep” will demand a fee, typically a couple of hundred dollars, before he will proceed to “help” a victim unfreeze his PC.
If the fee is paid (or even if it’s not, but the caller remains on the hook), the scammer will guide the victim through the process of setting up a remote-access connection between the victim’s PC and the scammer’s. Then the scammer can upload more malware while he keeps the victim busy with “troubleshooting” steps that do nothing.
Ironically, the initial warning says that personal information including banking details, credit card numbers and passwords may be stolen. But those things can happen only AFTER you've fallen for the scam by calling the number on the screen. The new malware sniffs out and vacuums up more data (contacts, emails, documents, etc.). Other malware modules may turn the victim’s PC into a slave in a botnet, ready to launch spam or denial-of-service attacks at the command of a remote controller.
The scammer may eventually “fix” the victim’s frozen computer, probably by recommending a hard reboot (power down, power up again). Of course, the victim could have done this himself.
Avoiding The Fake Tech Support Scam
Today, its seems that only Google has not patched this bug. The maker of Chrome decided that the bug was just a minor nuisance - after all, it didn’t break anything permanently - and gave it a very low priority for repair. But now someone has figured out how to cause serious damage with this exploit. It’s high time for Google to plug this two year-old hole in Chrome.
I'm NOT recommending that users of Chrome switch to Firefox, Internet Explorer, or some other browser. For now, just be aware that if your computer ever shows a screen that tells you to dial a number for tech support, don't touch that dial. First trying closing your browser. If your computer appears to be frozen, power down and restart your computer. Next, run a virus scan, and all should be well.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 7 Nov 2016
|For Fun: Buy Bob a Snickers.|
Can This Gadget Suck Money Out of Your Wallet?
The Top Twenty
How to Stop Annoying Auto-Play Videos
There's more reader feedback... See all 21 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Don't Touch That Dial... (Posted: 7 Nov 2016)
Copyright © 2005 - Bob Rankin - All Rights Reserved