Few things strike terror into a computer user’s heart like the dreaded error message. From the diminutive window with a red and white X to the full-screen, notorious “blue screen of death,” these interruptions can stop us in our tracks and illicit waves of panic. Unfortunately, scammers and phishers understand this well and often use the Pavlovian responses of these familiar notifications to get computer users to lower their guard and open their wallets.
In recent years scammers and hackers have increasingly attempted to profit by appearing to offer solutions to the very problems they’ve created. One prominent example of this is the ransomware that has so often been in the news. Virus writers use “Trojan” viruses to infect all the computers in a network and encrypt the data, essentially locking the information and making the systems unusable. The scammers then extort a payment from the owners of the infected network in exchange for an encryption key to recover the locked data. In some prominent cases, hospital networks and other large organizations have had networks shut down and eventually paid thousands to free their systems. These news stories are unnerving, but the average user is more likely to be affected by scammers casting a wider net in order to illicit a small payout from more victims. The browser hijack and the false error message are the tools they use to do this.
A browser hijack is adware or an internet browser extension that creates an alarming pop-up message and, in some cases, locks the functionality of internet browsers like Chrome, Internet Explorer or Edge so that the user cannot navigate away from the page. The user is then confronted with a startling warning: their system has had a serious error and the only way to fix it is to call a Microsoft technician at a conveniently provided 800 number. The unlucky user who does this will be connected to a call center (Likely located in another country) where the “technician” will instruct the victim to give them remote access to their computer. Modus operandi may differ from case to case but at some point the user will be told they need to make a credit card payment to have their tech problems solved. If the user has already given remote access to the “technician,” malware and adware may already be steaming onto the computer. If a credit card number is given, a user’s financial information has now been granted to an organization with dubious ethical practices, at best and at worst, to a criminal organization which will sell the info to the highest bidder.
So what can the average user do to safeguard themselves against such scams and modes of deception? Here are some basic tips to keep you safe if you should find a strange and pulse-quickening error message flashing across your screen:
- Stay calm. It may sound trite but scammers have chosen these methods of deception because they evoke an emotional response in their victims. When one is faced with a scary message and the prospect of losing important data (as many of the messages claim will happen if you fail to follow the onscreen instructions). A deep breath and some critical thinking could save you time, money and some serious headaches.
- Microsoft will not call you. A variation of this scam is one where an operator calls users and tells them there is a problem with their computer that requires them to gain remote access. This is never something that Microsoft, or any other tech company, does—these calls are always illegitimate. During the COVID-19 pandemic, there has been a marked increase in these calls, as scammers know more people are using their computers at home.
- Never, but never, give your credit card information to someone claiming to work for Microsoft over the phone. Microsoft is not in the business of offering one-time support for a fee. Their systems for call-in support are automated and their program licensing fees are generally paid in brick-and-mortar stores or on Microsoft domain websites.
- If you have given your credit card info to a scammer, call your financial institution ASAP. Phishers, hackers and scammers often operate on black market “deep net” websites where credit card info is sold. Cancel your card before you start seeing large ATM withdrawals in Moscow.
- Keep your Anti-virus updated and running. This is good practice for any eventuality and while it can’t stop a scammer from taking remote control of your computer when you give it to them, it may stop a browser hijack from starting up to begin with.
- Does that logo look right to you? Scammers try to make their messages look as close to the real thing as possible, but there are invariably fonts, spelling, phrases, graphics and other tip-offs that just won’t look right. If it doesn’t seem completely official, it probably isn’t.
- How do I close this window? If you find yourself on the receiving end of a browser hijack, you may find it difficult to close your browser or navigate away from the page. Opening your task manager and ending the program (via ctrl + alt + delete) will normally allow you to close the browser. If it keeps occurring after that, run your antivirus scan and if that doesn’t solve your issue, you can always come see your friends at Mankato Computer Technology.
Stay safe out there!