Don't Touch That Dial...
A new variation of the “tech support” scam is on the loose. What makes this one noteworthy is that it exploits a bug in the Google Chrome browser that has gone unpatched since its discovery in 2014. Here's what you need to know... |
Beware the Chrome Bug Scam
The bug enables bad actors to inject millions of website addresses into Chrome’s browser history. That flood consumes a huge amount of the system’s resources, causing it to freeze up, but not before the browser displays a fake “Microsoft security alert” screen like the one shown below.
As in other similar ploys that are making the rounds, the scammers hope a victim will call the phone number on that screen, so that he can be talked out of his credit card number and other personal information. The “tech support rep” will demand a fee, typically a couple of hundred dollars, before he will proceed to “help” a victim unfreeze his PC.
If the fee is paid (or even if it’s not, but the caller remains on the hook), the scammer will guide the victim through the process of setting up a remote-access connection between the victim’s PC and the scammer’s. Then the scammer can upload more malware while he keeps the victim busy with “troubleshooting” steps that do nothing.
Ironically, the initial warning says that personal information including banking details, credit card numbers and passwords may be stolen. But those things can happen only AFTER you've fallen for the scam by calling the number on the screen. The new malware sniffs out and vacuums up more data (contacts, emails, documents, etc.). Other malware modules may turn the victim’s PC into a slave in a botnet, ready to launch spam or denial-of-service attacks at the command of a remote controller.
The scammer may eventually “fix” the victim’s frozen computer, probably by recommending a hard reboot (power down, power up again). Of course, the victim could have done this himself.
Avoiding The Fake Tech Support Scam
How do people fall victim to this Chrome bug exploit? The only known vector at this time is by visiting a compromised website which displays the fake Microsoft alert shown above and crams data into the browser’s history. But the same thing could be done by malvertisements - ads infected with the bug-exploiting Javascript and delivered via well-known, trusted websites. Phishing emails could also contain URLs that take the unwary to malicious sites.
This bug in Chrome has been known since 2014. When first discovered, it was being used just to make mischief. A rogue site called crashsafari.com sent visitors just four short lines of Javascript code that flooded Safari, Firefox, and Chrome browsers with URLs. Android and iOS smartphones were easily overwhelmed; browsers would crash and phones would sometimes reboot. Desktop systems would also be affected to some degree, depending on how much RAM and processor power they had.
Today, its seems that only Google has not patched this bug. The maker of Chrome decided that the bug was just a minor nuisance - after all, it didn’t break anything permanently - and gave it a very low priority for repair. But now someone has figured out how to cause serious damage with this exploit. It’s high time for Google to plug this two year-old hole in Chrome.
I'm NOT recommending that users of Chrome switch to Firefox, Internet Explorer, or some other browser. For now, just be aware that if your computer ever shows a screen that tells you to dial a number for tech support, don't touch that dial. First trying closing your browser. If your computer appears to be frozen, power down and restart your computer. Next, run a virus scan, and all should be well.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 7 Nov 2016
For Fun: Buy Bob a Snickers. |
Prev Article: Can This Gadget Suck Money Out of Your Wallet? |
The Top Twenty |
Next Article: How to Stop Annoying Auto-Play Videos |
There's more reader feedback... See all 21 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Don't Touch That Dial... (Posted: 7 Nov 2016)
Source: https://askbobrankin.com/dont_touch_that_dial.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Don't Touch That Dial..."
(See all 21 comments for this article.)Posted by:
BaliRob
07 Nov 2016
I used to use Chrome to back up Firefox. But Chrome has become impossible to handle - logic has gone, but the last straw was preventing me from bookmarking to Toolbar my very old Yahoo Mail a/c.
It insists that this account of mine is a newbie and
demands that I only login using my Gmail email and
then presenting me with blank pages and history for Inbox and the rest.
Posted by:
Andrew Prakken
07 Nov 2016
You could also try CTRL ALT DEL, which will take you to Task Manager. Delete Chrome if possible and log back into Chrome. It will say: Chrome didn't shut down correctly, just use the restore button which appears in the same panel. I have also had other panels, suggesting that a number be called to unlock the computer.
Posted by:
Mad Monk
07 Nov 2016
I have had this happen now twice, just open task master and end google session.
Posted by:
Charles James
07 Nov 2016
Bob, thanks for this article. I am a local journalist in the Eastern Sierra and I also teach seniors how to use computers and the Internet. I had one senior call me frantic over this message on his computer. Unfortunately, he had already been taken by it once to the tune of a couple of hundred dollars. This is serious and seniors are not the only victims. That Google hasn't shut this thing down before now is just irresponsible. Too many similar scams are out there both on the Internet and over the telephone, stealing innocent peoples' money.
Posted by:
Michael
07 Nov 2016
You have to turn it around on the scammers. I have so much fun calling them. Usually a friend will call saying they have a similar screen, what should I do. I get the number, then tell them to shut down their computer. Then I call the number giving out the wrong information, wrong CC number. Oh sorry I'm old I read the number wrong, let me try it again. Darn, missed it by 1 number. That CC got denied, let's try this one. When your retired, you have the time to waste their time.
Posted by:
Mac
07 Nov 2016
Thanks Bob! I have had this to happen on my computer several times and I automatically shut the computer down instantly! I did not really know where it was coming from, so now I know, thanks again for your advice!
Posted by:
jsaw
07 Nov 2016
had it happen twice same laptop. both times was at e bay.was running Firefox.got out by killing the browser an tree. hit ctrl-alt-del running win 7 sp1
each time different message.
Posted by:
DIANN
07 Nov 2016
I do what Mac does. It works. It pays to know somethng about computers. One way to learn is to google for answers to questions. I have learned much from other computer users. If you don't take the time to learn you will be paying for your mistakes.
Posted by:
Bob
07 Nov 2016
Is it possible that, if you use Chrome with the same Google account on multiple devices, the flooded browser history will affect the other devices as well?
It sure is handy to have all this stuff shared among our various devices! But a problem showing up on one device might have been caused by a problem on another device.
I use Chrome on Windows, Mac, and iOs. Windows, it seems, has the best troubleshooting and cleaning tools. I wound up uninstalling Chrome on every device but one Windows machine.
I'm still uncertain how to absolutely remove all Chrome-related files, including user profiles, on each platform.
It's mind-boggling!
Posted by:
luis
07 Nov 2016
Yes it should be fixed immediately along with the AW_SNAP crash that always happens on any os that I us.
Posted by:
PeteFior
07 Nov 2016
Well, we now have another good reason to avoid Google Chrome! Opera or Firefox anyone?
Posted by:
Garry Boyd
07 Nov 2016
I used Firefox for years. Now I will deal with it's idiosyncrasies. I swithched to Chromes about two weeks ago, but , this is a bad taste. I'll deal with Firefox, my choice anyway. It is a better browser.
Posted by:
Robert A.
07 Nov 2016
Wow! Talk about the height of hypocrisy.
Google really has balls for going public calling Microsoft onto the carpet a couple of weeks ago for a long-known bug in its browser, which Microsoft admitted, was a low-priority fix for them, yet seem to ignore a serious problem with their own browser.
Posted by:
bobdeloyd
08 Nov 2016
Bob, what is the name of this bug in Chrome that's been known since 2014? Two years seems like a long time to patch... I want to look it up and do some research on it.
Thanks :)
Posted by:
Peter Janzen
08 Nov 2016
I have also been hit by this annoyance dozens of times over the last 10 months, and Avast & Malwarebytes do not block. It does not matter what site you are at, it just pops up and you can not delete it by turning your computer off & back on.
I usually just shut down for the night and go to my PC, where I do not use Google Chrome.
Posted by:
Peter Janzen
08 Nov 2016
Just an additional comment; ironically, just after I sent my initial comment, when I returned to the opening page of Bob's newsletter, what should appear under Bob's picture was a rotating add window, urging me to click on the bar to switch to Google Chrome "for a better browser experience"
Posted by:
Ken Cavin
08 Nov 2016
Had this happen on IE 11 going to youtube. Ctrl Alt Delete and a restart and then ran a scan that said all was well. Don't be fooled.
Posted by:
Ted
08 Nov 2016
Yesterday we received the same call twice. A recorded voice told me that "Your Microsoft license has been expired," and told me that I should call a number (area code 855) to renew, because my computer would be shut down.
Posted by:
Jim
08 Nov 2016
I had this happen with a call from somebody claiming to be from Norton Internet Security Team (Full disclosure, I Use Norton and have for about 15 years). The caller wanted me to let them install "Team Viewer" so they could fix my Norton Product. I played along with them for about an hour, claiming I could not get Team Viewer to work. There frustration grew and grew until they finally caught on and called me a few names and hung up. If you do this to these scammers be careful they can be very cleaver.
Posted by:
seymour
09 Nov 2016
You recommended Remo Optimizer. I tried it and it listed a bunch of things that could be optimized. When I clicked to fix the "things" a pop up wanted me to subscribe for $29+.
So it dos not clean anything unless I pay.
I called the phone number. Guy wants to get onto my computer to make it work. If he is legit you should have mentioned this would happen. So what is the scoop on this?
EDITOR'S NOTE: I've never recommended (or even mentioned) Remo Optimizer.