Understanding the ins & outs of tech support scam and activities beyond it

• These scams are perpetrated mainly to steal sensitive information, account login credentials, and sometimes are even used to install ransomware/other trojans in victims’ systems.
• Scammers have taken the tech support scam up a notch by including browser lockers.

The fraudulent practice of using fake pop-up screens to scare victims into calling a "tech support number" has been going on for a long time. These scams are perpetrated mainly to steal sensitive information, account login credentials, and sometimes are even used to install ransomware/other trojans in victims’ systems.

How does the scam work?

Using phishing techniques, users are redirected to fake web pages (sometimes a screen pops-up) informing them that their system has been infected with a deadly malware. The web page also has a “customer support number” users can call to remove the malware.

Calling the number will put victims in touch with scammers, who pretend to be tech support agents and ask users for remote access to their systems. Once naive users grant remote access, scammers can actually install malware or steal sensitive information from their systems. At times, hackers also trick victims that they have installed antivirus in their systems and ask for a sum of money.

Scammers take it up a notch

Scammers have taken the tech support scam up a notch by including browser lockers (or browlocks). Browser lockers are tools used by scammers to freeze the victim's browser temporarily and create an illusion that the browser has been locked. They do so by making the browser get stuck in between a flurry of alert dialogs--unable to process commands given by a user.

What happens next?

Once the browser freezes, a display screen pop-ups with a warning message that their system has been hacked and a number to call for assistance. Calling this number will connect victims to scammers who ask victims to pay a certain amount of money to 'unlock' their systems. Once the amount has been paid, scammers simply restart the system to restore browser operations.

Staying safe

• Browser lockers typically originate from malicious ads (malvertising) hosted on popular websites. Hence, you should never click on fake pop-ups and ads without confirming they are genuine.
• If you ever come across such a situation, don't panic. Instead, force close the browser via Task Manager--it will resume browser operations automatically.
• In general, avoid calling the tech support number listed on pop-ups. If you need to contact customer support, call the official number on their websites.