Malicious pop up activity using Fear, Uncertainty & Doubt

Ironically starting out in life to solve the problem of intrusive online advertising, pop-up adverts have been mildly annoying web users since the early 1990s.

While many websites have moved away from pop-up advertising, or use them tastefully, pop-ups are still used heavily and in increasingly clever ways, by online fraudsters.

Here we run through the latest and most effective pop-up scams and how you can avoid them.

Full screen ‘takeover’

Malicious pop-ups that take over the entire screen have been increasingly popular with fraudsters over the last couple of years.

By browsing to a website with a malicious advert embedded, a full-screen pop-up will appear, sometimes playing audio, insisting that your device has a virus or similar and that you must call the ‘support’ number on the page.

Full Screen Pop Up

What’s incredibly clever about this type of scam is that the pop-up will be branded relevant to the device you’re using, and often the number will be for your geographical region – browsing the malicious site on an Apple iPhone, for example, the site would appear to be the official Apple website.

By masquerading as Microsoft, Apple, Google, and similar vendors, fraudsters will use language, images, and audio to scare victims into calling a number, paying for ‘support services’ to fix their issue.

Of course, the ‘issue’ can simply be resolved by closing and re-opening the web browser, in most cases.

Don’t call the number displayed or install the ‘patch’ offered by the site to fix their issue.

Fake police pop-ups

Scammers posing as the police, FBI, Interpol, or similar Government-backed agency is nothing new or surprising.

By posing as law enforcement, fraudsters can start their scam from a position of authority, and trust, with a victim coercing them more successfully into parting with their cash – either by insisting they pay a fine to avoid criminal proceedings or helping with an active investigation.

While targeting victims cold via text, email, and telephone may prove moderately successful, scammers have capitalized on something many of us love – free stuff.

While online piracy is slowly dying out thanks to legitimate streaming websites becoming so cheap and having a vast array of content, there are still many websites out there that offer free access to many TV shows and movies – sometimes before their official broadcast dates.

Whilst piracy is a crime, many will view this as a minor one – or indeed even a victimless one.

Capitalizing on this, fraudsters will set up fake websites that’ll draw in people searching for the latest episode of their favorite TV show, or movie, in order to scam them into handing over their cash using intimidation.

police pop up

By luring a victim onto their scam site, the fraudsters will allow them to browse around for a short amount of time, even going as far as picking the episode from a TV show they wish to watch, before ‘hijacking’ their browser with a pop-up.

Displaying their malicious pop-up full screen so that the victim can’t close it, with police logos, and text insisting that the victim will be arrested or prosecuted for accessing illegal content unless they call a number and pay a fine – victims are easily intimidated into paying up to make it all go away quietly.

The ruse is intended to scare victims into not only handing over cash to the fraudsters but also to scare them into silence so that they can target more people without being discovered.

For many of us, the fear of having a criminal record that could impact our future is a terrifying prospect – and the fraudsters are fully aware of this fact and will absolutely capitalize on it.

Spotted a suspicious pop-up?

  1. Never download or install anything from a full-screen pop-up. If in doubt after encountering one, run a quick anti-virus scan.
  2. Don’t be afraid to take five minutes to think about what a caller, emailer, or website is asking of you.
  3. Often, pressing the “escape” key on your keyboard repeatedly, or closing the browser app, will get rid of any full-screen pop-ups.

Your anti-virus program can help you avoid pop-ups in the first place. Check the programs filtering and blocking settings and consider downloading an ad-blocking plugin such as AdBlock or uBlock Origin, otherwise contact a specialist.

By: Matthew Clark