Tech-support scammers revive bug that sends Chrome users into a panic
Con artists pushing tech-support scams are once again exploiting a Chrome bug that can give users the false impression they’re experiencing a serious operating-system error that requires the urgent help of a paid professional, according to a Google developer forum. A Mozilla developer forum indicates a similar bug may also be present in Firefox.
The scam technique, which came to light in February, works by abusing the programming interface known as the window.navigator.msSaveOrOpenBlob. By combining the API with other functions, the scammers force the browser to save a file to disk, over and over, at intervals so fast it’s impossible for normal users to see what’s happening. Within five to 10 seconds, the browser becomes completely unresponsive. Users are left viewing pages that look like the one above or on the left side of the image, below, both of which were provided in February by antivirus provider Malwarebytes:
The technique effectively freezes a browser immediately after it displays a fake error message reporting some sort of security breach or serious technical mishap. Given the appearance of a serious crash that can’t be fixed simply by exiting the site, end users are more likely to be worked into a panic and call a phone number included in the warning. Once called, the scammers—posing as representatives from Microsoft or another legitimate company—then coax the caller into providing a credit card number in return for tech support to fix the non-existent security problem. The scams are often transmitted through malicious advertisements or legitimate sites that have been hacked.