A new tech support scam is using website elements to trick users into thinking their browser has loaded a Microsoft support page.
Like other ruses of the sort, this ploy begins when malicious ads redirect a user to a fake tech support web page. The first thing they see is a pop-up alert warning them that “a virus and spyware” have compromised their computer. Concurrently, the page plays the following audio message:
“Important security alert! Virus intrusions detected on your computer. Your personal data and system files may be at serious risk. All system resources are halted to prevent any damage. Please call customer service immediately to report these threats now.”
Clicking “OK” usually launches a loop of dialogue boxes. These alerts continue to display until the user navigates away from the site, closes the tab, or calls the fake support number. But this contrivance does something different.
Microsoft’s Malware Protection Center explains the effect of clicking “OK” in a blog post:
“It loads a page with what appears to be a pop-up message containing the same details, including the technical support hotline. You may think at this point you’re just getting the usual dialogue loop. But, upon closer inspection, it’s not really a pop-up message, but a website element of the scam page.”
This particular element waits until a user clicks anywhere on the screen, at which point in time it goes into full screen mode and loads what appears to be a Microsoft support page. The domain “support.microsoft.com” appears in the address bar. It even comes with a green HTTPS indicator to further lure users.
Just like before, a website element accomplishes this trick. Exiting out of full screen reveals the truth.
Users can protect themselves against this scam by looking out for unexpected full-screen alerts displayed by their browsers. If they come across one of these notifications, they should exit out of full-screen mode. At the same time, users should pay attention to a site’s domain before they click anything on a web page. In the event the domain appears suspicious, they should close out the tab and scan their computers for malware.