Scammers put the user's browser in fullscreen mode and show a fake Google UI toolbar at the top in the form of a JPEG

Aug 29, 2016 11:33 GMT

Tech support scammers have come up with a devilish new trick to fool unsuspecting victims, relying on a cleverly crafted image and Chrome's fullscreen mode.

Their new tactic relies on crafting new tech support pages mimicking the visual style of the official Microsoft website.

When users navigate to this page via Chrome, hidden JavaScript code puts the victim's browser in fullscreen mode. While the browser's top UI toolbar is hidden, including the address bar, crooks load a JPEG image at the top of the page, crafted to look like Chrome's original UI bar.

Unless the user is using some sort of custom Chrome theme, a Chrome version with a different UI, or hovers their mouse near the top of the page, they won't be able to spot the difference.

Scammers will also spoof native Chrome popups

The Malwarebytes team spotted this new devilish trick, and they discovered a second one as well, also targeting Chrome users.

In this one, scammers were creating popups that mimicked the original Chrome alerts that asked users if they wanted to "prevent this page from creating additional dialogs."

Crooks were using these fake popups, but when users ticked the appropriate checkbox, the page continued to show more and more alerts.

Scammers were hoping that, when Chrome detected the page abusing JavaScript alerts and showed the real "Prevent this..." popup, users would distrust it and not tick the checkbox, or press "Ok," giving the page free rein to show as many popups as the scammers wanted afterward.
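For defenders triaging reported pages, both tricks described above (the forced fullscreen with a fake toolbar image, and the spoofed "Prevent this..." dialog) leave traces in the page source. The following is an added example, not code from Malwarebytes or from the original article; the indicator names, weights, threshold and both sample pages are assumptions constructed for illustration.

```javascript
// Added example: static triage of fetched page source (HTML plus inline JS).
// Indicator ids, weights and the threshold are assumptions, not a published rule set.
const INDICATORS = [
  { id: "fullscreen-api", weight: 2,
    // Standard and vendor-prefixed Fullscreen API entry points.
    re: /\b(?:webkit|moz|ms)?requestFullscreen\s*\(/i },
  { id: "spoofed-dialog-text", weight: 3,
    // Wording of the browser's own dialog-suppression prompt; a page has no
    // legitimate reason to carry it in its own markup.
    re: /prevent\s+this\s+page\s+from\s+creating\s+additional\s+dialogs/i },
  { id: "dialog-in-loop", weight: 2,
    // alert()/confirm()/prompt() inside a loop body or a repeating timer.
    re: /(?:\b(?:while|for)\s*\([^)]*\)\s*\{?|\bsetInterval\s*\()[^}]{0,200}?\b(?:alert|confirm|prompt)\s*\(/i },
  { id: "pinned-top-image", weight: 1,
    // <img> fixed or absolutely positioned at top:0, where a fake toolbar would sit.
    re: /<img\b[^>]*style\s*=\s*["'][^"']*position\s*:\s*(?:fixed|absolute)[^"']*top\s*:\s*0/i },
];

// Returns the matched indicator ids, their summed weight, and a verdict.
function triagePage(source, threshold = 4) {
  const hits = INDICATORS.filter((ind) => ind.re.test(source));
  const score = hits.reduce((sum, ind) => sum + ind.weight, 0);
  return { score, suspicious: score >= threshold, hits: hits.map((h) => h.id) };
}

// Constructed sample: fragments showing the traits the article describes.
const SCAM_LIKE = `
<img src="bar.jpg" style="position:fixed; top:0; left:0">
<div class="dlg"><input type="checkbox"> Prevent this page from creating additional dialogs.</div>
<script>document.documentElement.webkitRequestFullScreen();
while (true) { alert("Call support"); }</script>`;

// Constructed sample: a legitimate video page with a user-facing fullscreen button.
const BENIGN = `
<video id="v" src="clip.mp4"></video>
<button onclick="document.getElementById('v').requestFullscreen()">Fullscreen</button>`;

console.log(triagePage(SCAM_LIKE));
console.log(triagePage(BENIGN));
```

A single fullscreen call stays below the threshold, so ordinary video players are not flagged; it is the combination of indicators that marks a page for review.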

Most scammers go undisturbed

Clever tricks like these show the broad range of techniques that some scammers are willing to deploy in order to trick users into calling their tech support call centers.

And it's not like there are 10-20 tech support sites out there. Each of these crooks usually sets up hundreds of domains.

For example, this scammer discovered by MalwareHunterTeam had registered over 200 domains, which he was using to serve tech support scams for the past four months.

As we've explained in a previous article about phishing sites, it takes about 10 hours for browsers to detect these threats and mark them appropriately. Additionally, some web hosting firms are also to blame because they sometimes take months to respond to reports from security researchers and take down the crook's website.  

Fake UI toolbar at the top of a page, embedded as a JPEG image