Wednesday, June 13, 2018

What to Do When Browser Pop-Ups Warn a Device is at Risk

Websites contain far more than just text, they often include images, videos, ads, pop-ups, banners and more. Some features are more intrusive than others. Almost everyone has been to a site where an ad began playing in the background and you were forced to hunt it down to pause it. Unfortunately, because these ads load automatically and are constantly changing, they are often targeted by hackers. 

There is a history of ads being injected with malicious code before being presented to the visitor and every so often articles are released about this issue. Phishing browser pop-ups are presented in different ways including those:
  • Stating your device may have been infected by malware and to call a number for assistance. This attack often claims to be coming from Microsoft which it is not!
  • Stating there has been a problem with your computer and to call a number for assistance. The number typically claims to be tech support.
  • With a warning message and an accompanying audio message. The audio typically loops for dramatic effect and follows the script of the pop-up.
An example of a browser pop-up.

So the question is, what is the best way to protect a device when a browser pop-up warns the device is at risk? 

What to Do When Browser Pop-Ups Warn a Device is at Risk

What almost all of these phishing scams have in common are their attempt to scare users into making quick decisions. When we make decisions quickly, especially due to fear, we do not make the most well-informed or responsible choices. In reality, how can we be expected to make the wisest choice when we are being informed of something like:
  • Our financial data is at risk
  • Our credit cards are at risk
  • Our computer is infected and we must call to avoid further damage
  • Our computer has been compromised and is being used to hack other people's information
  • Our personal files are at risk
These are just examples of the notifications you may receive and are types of phishing attacks. The purpose is to get you to call and give someone you do not know remote access to your device so they can "help". Other times the notification will try to get you to click on a specific link which can then install malicious software although there was none to begin with! 

So, if you get a pop-up like this, do the following things to get rid of it so you can go back to using your device normally with confidence.

Close the browser

The first thing you want to do is close the browser with the pop-up. This includes closing ALL tabs in that browser. If you cannot get the browser to close:
  • Right-click on the toolbar and select "Start Task Manager".

  • From the Applications tab, click on the browser and click "End Task".

Clear the browser history

Once the browser has successfully closed, re-open the browser. Go to the browser settings and navigate to the browser history. Clear all browsing history/data/cache including form data, downloads, etc., to be sure you delete any offending software. Once the history has been cleared, close and re-open the browser. At this point the browser should operate normally.

Run a malware scan

To be sure your device has not been infected with malware, run a manual scan using whatever software you have installed. If you do not have any anti-malware software installed, get one! In the meantime, download a free utility like Malwarebytes and run it. Remove any objects found.

I would be remiss if I did not at least mention how important it is to have a backup system in place. These notifications are only phishing attempts but what if they were telling the truth? Would you be able to recover? Do you have a copy of your important files somewhere else? The time to consider what you will do if a device fails is BEFORE it fails. Addressing this kind of issue after a failure will cost you a great deal more time and money.

Browser pop-up notifications about your device being infected or your financial data being at risk are generally phishing attempts. These are effective because they use fear to get people to make hasty decisions, potentially clicking on a link they would otherwise ignore. Once we click on their notification or allow them remote access, they may have the ability to infect our devices. A better approach is to close the browser, clear the browser history, and run a malware scan to be sure the device is not infected.

As always, do not let someone use fear to force you into making hasty decisions. Taking your time when making a decision will help ensure you make a better, more well informed decision and could very well protect you from falling victim to a phishing attack!

Enjoy this post? Subscribe to our Blog

No comments:

Post a Comment