We have all heard about the technical support companies that ring you up at home and at work, saying they have spotted issues with your computer and that they can help you. Some people even fall for this.
However, scammers have now come up with a new technique to trick people into sharing their payment card details. They show fake Windows alerts telling the user that their copy of Windows has expired and/or has become corrupted. An example of this is shown below:
This new technique prevents users from using their computer until they call the number on the screen, which is presented as a “free tech support number”, and then provide their payment information.
How do people become infected?
The main question I’m sure you’re asking yourself right now is: how do they get this scam onto my computer? The simple answer is that it’s usually done via websites or software that have been intercepted and changed so that they pose as an application someone would like. When the user downloads it, it installs the program (as expected) as well as some malware.
Once installed, the screen locker will wait for a while. When the user restarts their computer, the malware will spring into action and start showing screens telling the user that their copy of Windows has expired or is corrupted.
Jérôme Segura from Malwarebytes said in the article: “We called the number (1-844-872-8686) provided on the locked screen and after much back and forth, the technician revealed a hidden functionality to this locker. There is a built-in installer for TeamViewer which can be launched by a combination of the Ctrl+Shift+T keys,” says Segura. “However, the rogue ‘Microsoft technician’ would not proceed any further until we paid the $250 fee to unlock the computer, which we weren’t going to.”
How to keep yourself safe?
If you fall foul of this scam, the first thing is not to panic or pay the ransom. Try pressing Ctrl+Shift+S and see if this gets you past the locker. Once past, run an updated antivirus/anti-malware application such as ESET.
Always keep an up-to-date antivirus product running on your machine and be cautious about what you run and install. Only download and install software from legitimate websites.