Google Chrome users: Don't fall prey to this fake tech support scam

Fake browser alerts pushing tech support scams increased last quarter, even in the latest version of Chrome.

Google is nuking malware in the Play store
Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Fake Google Chrome browser alerts asking users to contact false tech support lines have increased over the last quarter for Windows users, according to Malwarebytes.
  • Tech support scams may use an API to freeze a user's browser, prompting them to call a fake support line and share their credit card information.

Tech support scams are increasingly hitting Windows users on the Google Chrome browser--even when it's been updated to the latest version, according to a Tuesday blog post from Malwarebytes.

These scams take the form of browser alerts asking users to contact fake tech support lines in attempts to gain their credit card information. And the attacks on Google Chrome are far from the first to hit the web: In January 2017, when you Googled "Facebook customer support," the top hit was a scam. And in February 2017, a top Google search result that appeared to be an ad for was actually a malicious link to a Windows support scam.

Attacks on Google Chrome are especially common due to its high market share, Malwarebytes noted.

SEE: Network security policy template (Tech Pro Research)

The US Federal Trade Commission recently launched an effort called Operation Tech Trap to put a stop to these scams, but they will likely remain pervasive, as noted by our sister site ZDNet. This means businesses must be especially vigilant in training employees to recognize scams, phishing attacks, and other cybersecurity issues.

Fake browser alerts pushing these tech support scams have increased in the last quarter, according to Malwarebytes. Most of these attack campaigns come from malicious advertising and compromised websites, with criminals looking to scare users into calling the number--sometimes by completely locking their browser.

For example, with the history.pushState API technique, hackers abuse a bug in HTML5 to freeze computers. Other tools known as pop-unders can make users get stuck between different tabs, Malwarebytes reported.

Since these attacks do not seem to be slowing down, it's important for businesses to train their end users to recognize them. The best way to handle such an attack is to avoid panicking and close the browser using the Task Manager. The pop-ups themselves are usually harmless, so long as the user doesn't call the number provided.

Professionals, whether working at home or in the office, should always go through their IT or security department to handle security issues. All users should be aware that it is highly unlikely that tech vendors will proactively reach out to users offering support.

Also see

Image: Malwarebytes