Old Browser Scam Has A New Twist

Several years ago there used to be a scam where visiting a malicious website (or downloading and running a questionable file) would open up a website that pretended to be from a local police or law enforcement agency.

The website would say that you (and your computer) are in trouble for visiting some sort of questionable or illegal site (usually pornography-related, but sometimes involving things like downloading music/movies, gambling, or similar) and that your computer is now locked until you pay a fine.

Back in the “good old days”, this kind of scam was relatively easy to figure out, if you knew what to look for. For example, the “law enforcement” web address would always be something close-but-not-quite right (fbi.ertiaser.com, for example).

It looks like these scams are coming back with a slight twist, however, and taking advantage of a fairly common feature found in most modern browsers.

Variations On A (Scam) Theme

These new scams have the same basic structure: visiting a certain website or installing/running infected files on your computer will show the “warning” page. The difference is that the warning page isn’t a normal browser window. It’s a full-screen screenshot of the warning website, complete with a Windows taskbar.

Since this new version overlays a screenshot of the Chrome browser instead of opening an actual browser tab, it can look more authentic, at first glance at least.

For one thing, the URL bar in the screenshot will show a real law enforcement address and the overall layout of the page will be consistent with the “real” law enforcement website. The browser’s real address bar is hidden in full-screen mode (pressing F11 will show you what full-screen mode looks like for most web browsers).

Additionally, since the warning page is simply a screenshot, and the user’s general location and preferred language can be determined from a web browser, the specific law enforcement agency and the language on the page will also be what the user expects to see.
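
For readers who build browser extensions or userscripts, here is an added illustration (not part of the original article) of how the pattern described above could be flagged: the page is full-screen and a single image covers nearly the whole viewport. The function names, the 90% threshold, and the sample snapshots are assumptions made for this example.

```javascript
// Heuristic for the "full-screen screenshot" lock page described in the article.
// The threshold and all names below are assumptions made for this example.
const COVER_THRESHOLD = 0.9; // an image must cover at least 90% of the viewport

// Fraction of the viewport covered by a rectangle, clipped to the viewport edges.
function coverage(rect, viewport) {
  const w = Math.max(0, Math.min(rect.right, viewport.width) - Math.max(rect.left, 0));
  const h = Math.max(0, Math.min(rect.bottom, viewport.height) - Math.max(rect.top, 0));
  return (w * h) / (viewport.width * viewport.height);
}

// Pure check over a page snapshot, so it can be exercised outside a browser.
// snapshot = { fullscreen, viewport: {width, height}, images: [{left, top, right, bottom}] }
function looksLikeFakeDesktop(snapshot) {
  if (!snapshot.fullscreen) return false; // the real address bar is still visible
  return snapshot.images.some((r) => coverage(r, snapshot.viewport) >= COVER_THRESHOLD);
}

// Browser-side adapter: builds the snapshot from the live page.
// Limitation: only <img> elements are inspected, not CSS background images.
function snapshotFromDocument(doc, win) {
  const viaApi = doc.fullscreenElement !== null; // page-requested full screen
  // F11-style full screen does not set fullscreenElement, so compare sizes too.
  const viaSize = win.innerWidth === win.screen.width && win.innerHeight === win.screen.height;
  return {
    fullscreen: viaApi || viaSize,
    viewport: { width: win.innerWidth, height: win.innerHeight },
    images: Array.from(doc.images, (img) => img.getBoundingClientRect()),
  };
}

// Constructed sample snapshots (not captured from a real page).
const VIEWPORT = { width: 1920, height: 1080 };
const SAMPLE_LOCK_PAGE = { // full screen, one image slightly larger than the screen
  fullscreen: true, viewport: VIEWPORT,
  images: [{ left: -10, top: -10, right: 1930, bottom: 1090 }],
};
const SAMPLE_WINDOWED = { // same image, but the address bar is still showing
  fullscreen: false, viewport: VIEWPORT,
  images: [{ left: 0, top: 0, right: 1920, bottom: 1080 }],
};
const SAMPLE_ARTICLE = { // full screen, but only a small inline picture
  fullscreen: true, viewport: VIEWPORT,
  images: [{ left: 100, top: 100, right: 400, bottom: 300 }],
};
```

A full-screen photo gallery would also match, so a hit is a reason to warn the user and show the page's real address, not proof of a scam.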

Things To Look Out For

There are still a few giveaways that this is not a legitimate site, though. Probably the most important thing to know is that law enforcement will never lock your browser and then ask you to pay a fine online.

Other visual clues that this isn’t legitimate: clicking on the Start Menu, app icons, or other parts of the screenshot’s taskbar will not work. Also, the taskbar will not show the apps you currently have open, and the screenshot used by the scammers will often hide the clock.

If you use another browser besides Chrome, the change in browser appearance is also a good giveaway. This is another good reason to use a non-Chrome browser.

But if you ever see a message like this, try using Alt+Tab to switch programs (and close the full-screen browser mode normally) or use Ctrl+Alt+Delete to open the Task Manager and force close your browser.

Whatever you do, don’t input your credit card information! I don’t think this is a surprise, but if you put in your credit card, the attackers will immediately steal it and either sell it or use it to make fraudulent purchases.

A sample screenshot of this attack in action can be found on BleepingComputer.