Tech Support Scammers Now Freeze the Victims’ Browsers

• Tech support scammers use iframe and pop-up authentication to scare and trick victims into calling them.
• Edge, Chrome, and Firefox are all supported by the creators of this campaign in terms of the looping code functionality.
• The tech support pages look perfectly legitimate and feature a very similar design to the real websites.

Trend Micro warns of a new tech scam support technique that freezes the browsers of its victims. The scammers first trick people into believing they’re a legitimate support service provider, and then utilize the iframe HTML element with a combination of pop-up authentication to convince the users to call them and do as they are told. The victims are trapped in a loop, and clicking on the emerged pop-up does nothing other than returning you back to the landing URL, getting the same pop-up, and so on. As this abnormal browser behavior scares many of the victims, the chances of them calling the number of the fake support team increase exponentially.

The campaign and the functional “looping” code is tailored to work on Firefox, Chrome, or Edge, so a quick detection of the browser type takes place before the proper asset is loaded and executed. According to the Trend Micro researchers’ findings, the scammers are going a long way to making it hard to track them down. For example, during the monitoring of the campaign, the scammers changed their host IP address 12 times within 24 hours. The following example shows a spoofed MS tech support page that asks the user for authentication but does so persistently by disabling the “Cancel” and “OK” button functionality if nothing is entered in the boxes.

The victim toll that was counted during the monitoring of the URLs that were confirmed to be part of the campaign reached to up to 575 visitors per day.

The numbers shown in the graph above may not be too worrying, but scammers are taking note of what works and build upon it. For example, if faked browser freezing proves to be a good strategy in exploiting victims, scammers will take steps to widen the scope of their malicious campaigns and reach out to a lot more users in the near future. The standard advice to render these methods useless is not to lose your composure when met with multiple warning pop-ups, and even nasty browser hang-ups and tab freezes. It’s all part of a scheme trying to make you believe that something seriously wrong is going on in your system.

Finally, don’t forget that the only support that you should trust is the one written on your box, etched on your computer's or laptop's case, or printed on the warranty card that the vendor gave you upon purchase. All of the rest that you see online are almost certainly scammers.

Have you ever encountered a browser hijacking campaign that placed your browser into a loop? Share your experience with us in the comments down below, and help us raise awareness by sharing this post through our socials, on Facebook and Twitter.