Why is there a British woman speaking on my computer?
That’s the question I was suddenly asked during a remote session not too long ago. I was actively working on one of two laptops while the client was getting the other one ready. I was taken aback at the question because it was completely out of context and didn’t make any sense. So, the client put their phone closer to the computer and I could hear the voice clearly stating that there was a problem and the computer’s browser was being redirected to a Microsoft support site for immediate assistance with the problem. And no, I don’t live under a rock, but if I sat and thought about the types of potential attacks that are blazing around the internet I wouldn’t get any work done. I simply hadn’t run into this particular one yet.
Then, it happened again on Friday afternoon. Another client contacted me to let me know that someone at the office had a talking computer. Ugh! We’ve reached the singularity and our computers are becoming self-aware. Not really; these are very carefully crafted attacks designed to look like the real thing, complete with lots of pop-ups and what looks like a real Microsoft Support web site. To really drive home the point and cause as much panic as possible, they add the voice-over to push the user over the edge. STOP! I’ve said it time and time again: In most instances it requires one last element for the infection to actually take place, and that last element is human intervention. It is that same last element in the chain of events that can prevent the infection. However, this is not about a possible infection; it’s about falling for a scam that the scammer hopes will mean a pay-day for them.
In the first instance I described – noting how creepy it was hearing the computer talking seemingly of its own accord – I instructed the client on the other end of the phone to kill all running browser instances in task manager. Then we fully updated the anti-virus running on the laptop, restarted the computer and did a full scan. It didn’t find anything, but at the time I was so creeped out by it that I recommended a factory reset of the machine.
In the second instance the user took the correct and immediate direct action of killing all browser instances in the Windows task manager and restarting the computer to clear out all memory. Of course there are lots of eye-grabbing graphics displayed on your screen as this thing is in motion, as you can see in the image to the left (click the image to view it full-size in a new tab).
These things are scary, creepy and unnerving, but there is hope. First and foremost is knowledge. If you’re aware of and watching out for these things then they don’t take you quite by surprise, and for the most part, they’re quickly and easily taken care of. If you haven’t already, I encourage you to click on the image and get a better look at it and what it says, remembering this is part of the scam should you see it again. It’ll open full size in another browser tab.
If you would like to have a look at all the gory and technical details, have a look at the write-up from Microsoft, “Breaking down a notably sophisticated tech support scam M.O.” At first glance there’s a lot of information there, and there is, but it gives a pretty comprehensive explanation of what’s actually going on with this critter.
And lastly… at the time of this posting, as mentioned in the article posted by Microsoft, Edge Browser is the only browser natively capable of recognizing and actively blocking this sort of online attack. And I can’t believe I just said that because I’ve been a Chrome (only) user for many years.
What I mean by natively is that Edge is capable of performing this because it’s built into the browser and it works closely – hand in hand – with Windows Defender. Other browsers require a plug-in to be installed.
At first I thought that was mostly marketing stuff, but then I got to witness that for myself: I was checking on a web address for another post I want to make and was suddenly staring at a bright red screen being displayed by Edge browser. A small statement dead-center where page content would normally be essentially said, “Edge has blocked this web site from being displayed to protect your computer.” Just one of the reasons why Windows Defender isn’t disabled when using 3rd party anti-virus; in Windows 10, Edge Browser and Windows Defender are closely linked together. But, that’s another story for another post.