Tech Support Scams, Fake BSODs, Scareware
As this is my first TechBits contribution I thought I would introduce myself. My name is Will Allington and I work for South Central Library System on the Help Desk team. I have been employed here for a little over a year and a half. I enjoy helping library staff with their various technology issues!
For this article I would like to talk about a growing trend at SCLS: tech support scams aka Scareware. These tech support scams are a form of internet fraud that are meant to fool the user into thinking there is a security threat to their system, privacy, or data. These scams are primarily encountered while a user is using an internet browser, like Internet Explorer, Chrome, Firefox, etc. A user will be browsing when, all of a sudden, they receive a pop-up alerting of potential security risks or a fake error screen alluding to system damage (see pictures for examples).
If you are interested in learning more about scareware and how they work, here are several good resources:
- http://www.welivesecurity.com/2015/10/07/tech-support-scams-top-pop-ups/
- https://blog.malwarebytes.org/fraud-scam/2014/11/psa-tech-support-scams-pop-ups-on-the-rise/
- https://blog.malwarebytes.org/fraud-scam/2015/07/techsupportscams-and-the-blue-screen-of-death/
How does this relate to the library system? The number of calls that I receive about users (both staff and patrons) who encounter scareware has steadily increased over the last several months. I would now like to go over what can be done if you or patrons come across instances of scareware.
- Stay calm: The main way scareware accomplishes its malicious objective is to scare or fluster you into making rash decisions. You should never call the number provided in the advertisement or download any sort of software.
- Close the browser: It will be more than likely that you will have to close the entire browser that you are using as scareware typically ‘hijacks’ the browser, not allowing you to close the window/tab in question.
- Using Task Manager to close the browser: This is the best way to force close the browser but it will require the ability to right-click (patrons will not be able to use this technique).
- Open Task Manager by right-clicking the Task Bar > Navigate to the Applications/Processes tab > Find the browser that has encountered the scareware > Right-click the browser in question and select End Task > This should force the application to close
- When Patrons encounter scareware: Since patron stations do not have the ability to access the right-click context menus they will have to employ a different strategy but the effect remains the same and that is to close the browser. Also note that when a user is confronted with these various forms of scareware their browser is essentially hijacked and most likely will not respond to input the way it normally does. Any attempts to close the afflicted browser windows will likely be met with an identical window. The best thing that the patron/staff can do is to just restart the PC. Please note that we employ software that effectively dismisses the changes to the hard drive between reboots so there is no need to worry about viruses or malware affecting the PC after the reboot.
- Using Task Manager to close the browser: This is the best way to force close the browser but it will require the ability to right-click (patrons will not be able to use this technique).
*Here are several examples of what to look out for.
Comments