Tech support scam uses iframes and pop-ups to trap victims in loop

Tech support scammers have created an innovative new way to freeze browsers, leveraging iframes and pop-up authentications to create a loop from which users struggle to escape upon visiting a malicious URL.

Trend Micro wrote in an April 29 blog post that the campaign's URLs are designed to impersonate a Microsoft support page. These web pages open two pop-up windows, one requesting user authentication and the other recommending that the user seek technical support. If victims attempt to click the authentication pop-up's "Cancel" button, they are directed right back to the URL. Any other buttons, meanwhile, are nonfunctional and are only there for appearances.

The trick works, Trend Micro said, "by setting iframe as the page’s showLogin, making it appear when the URL is entered. Iframe’s source or contents, in turn, is the authentication page URL and therefore just returns the user to the URL." The ultimate goal is to frustrate or scare victims into calling the phony tech support number. At that point, in a typical tech support scam, the criminals would attempt to trick the victims into paying for a fix or even installing malicious software on their computers.

Normally, tech support scam URLs leverage the JavaScript functions alert() and confirm() to trap users in a loop, but because this method is newer, it could help the scammers evade detection, Trend Micro explained.
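A defender triaging suspect landing pages can check saved markup for both looping techniques described above. The following Python example is an addition to this article, not code from Trend Micro or the campaign; the two heuristics (an iframe whose source resolves back to the page's own URL, and alert()/confirm() calls inside a loop), the function names and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample input (not taken from the campaign).
SAMPLE_URL = "https://support.example.test/alert/index.html"
SAMPLE_HTML = """<html><body>
<iframe src="index.html?x=1#login"></iframe>
<script>while (true) { alert("Call support"); }</script>
</body></html>"""

# Assumed heuristic: a dialog call inside a loop or a repeating timer.
DIALOG_LOOP = re.compile(
    r"\b(?:while|for|setInterval)\s*\([^{]*\{[^}]*\b(?:alert|confirm)\s*\(")


class _Collector(HTMLParser):
    """Collects iframe src attributes and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.iframe_srcs, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframe_srcs.append(dict(attrs).get("src") or "")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def _key(url):
    """Compare URLs by scheme, host and path; ignore query and fragment."""
    p = urlsplit(url)
    return (p.scheme, p.netloc.lower(), p.path or "/")


def scan(page_url, html):
    """Return a list of heuristic findings for one saved page."""
    c = _Collector()
    c.feed(html)
    findings = []
    # An empty src loads about:blank, so only non-empty values are resolved.
    if any(s and _key(urljoin(page_url, s)) == _key(page_url) for s in c.iframe_srcs):
        findings.append("self-referencing-iframe")
    if any(DIALOG_LOOP.search(s) for s in c.scripts):
        findings.append("dialog-loop")
    return findings
```

Both checks are triage signals for an analyst to review, not verdicts; legitimate pages occasionally embed themselves or call alert() in a loop.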

The malicious URLs, which display different formats depending on the browser used to view them, have been visited as frequently as 575 times in a single day. Trend Micro theorized that these URLs are distributed via online advertisements.

The company suggested users be wary of suspicious web pages featuring "unfamiliar URLs, pop-ups asking for authentication, or any sort of information and messages that raise panic and alarm," according to the blog post. If trapped in a loop, users can typically escape by closing the browser using Task Manager, the report continued.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.