Tech support scammers have created an innovative new way to freeze browsers, leveraging iframes and pop-up authentications to create a loop from which users struggle to escape upon visiting a malicious URL.

Trend Micro wrote in an April 29 blog post that the campaign's URLs are designed to impersonate a Microsoft support page. These web pages open two pop-up windows, one requesting user authentication and the other recommending that the user to seek technical support. If victims attempt to click the authentication pop-up's "Cancel" button, they are directed right back to the URL. Any other buttons, meanwhile, are nonfunctional and are only there for appearances.

The trick works, Trend Micro said, "by setting iframe as the page’s showLogin, making it appear when the URL is entered. Iframe’s source or contents, in turn, is the authentication page URL and therefore just returns the user to the URL." The ultimate goal is to frustrate or scare victims into calling the phony tech support number. At that point, in a typical tech support scam, the criminals would attempt to trick the victims into paying for a fix or even installing malicious software on their computers.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.