Scam Alert: What You Need to Know About Pop-Up Phishing

As your managed IT services provider, we want to provide as much awareness as possible of the latest scams and tactics that may put your data and company assets at risk. One such tactic that we’ve seen in play recently is pop-up phishing – a type of social engineering attack used by criminals to trick people into giving access to their computers and/or payment information.

What is Pop-Up Phishing?

Pop-up phishing involves fraudulent messages that “pop up” for users when they are surfing the web. In many cases, cybercriminals infect otherwise legitimate websites with malicious code that causes these pop-up messages to appear when people visit them.

The content of these messages is what makes them so effective. Often, they present the unsuspecting website visitor with some kind of fraudulent warning, typically about the security of their computer. Then they either prompt the visitor to download some necessary tool to fix the problem, such as an antivirus application which turns out to be malware itself, or to call a fraudulent phone number for “support.” This latter tactic seems to have become more common recently, as the following example illustrates.

An Example: “AppleCare Renewal”

Recently, a user consulted with us – thankfully, just in time – on what ended up being a pop-up phishing scam. While browsing the web on his MacBook Pro, this user encountered a pop-up message alerting him that there was a problem with his computer. Conveniently, the scammers behind the message provided a phone number for the user to call.

Concerned, he did.

The “Apple support representative” on the other end of the line prompted the user to establish a remote connection, so that the representative could diagnose the issue. Sure enough, the scammer was able to show the user that his AppleCare had expired, and told him that he needed to renew it to the tune of $499. He then helped the user navigate to a web page where he could put in his credit card number to purchase the renewal.

Of course, the payment page was a fraud. The user stopped at this point and reached out for help, thankfully. And the scammers did not install malware on his computer during their remote session, although they could have.

What made this scam so convincing, though, was that the scammers were able to show the user that his AppleCare subscription really was expired (side note: this wasn’t really an issue, given the age of the laptop). This helped them establish credibility with the user.

Rules for Avoiding Pop-Up Phishing Attacks

So what can businesses do to keep their employees from falling for this kind of scam? While technical safeguards can certainly mitigate exposure, employees are still vulnerable to social engineering attacks, wherein criminals rely more on deception than high-tech hacking to trick users into giving up money or information.

The answer, then, is raising awareness, and giving employees guidelines for how to interact with messages they may see pop up on their computer. Here’s a list of rules to start with:

  • Understand that, even if you have antivirus installed on your computer, you will likely encounter fraudulent pop-up messages on some websites. This usually doesn’t mean your computer is infected, but rather that the website you’re visiting is infected.
  • In general, distrust pop-up messages on websites—especially if they claim to have found issues with your computer. A legitimate IT support group will not use pop-up messages to alert you to issues.
  • Never give anyone remote access to your computer unless you know who they are and trust them.
  • If you’re ever in doubt about the legitimacy of a message you’ve seen from a vendor (such as Apple, in the example above) contact that vendor directly (i.e., look up their actual number instead of calling the number given in the message) or, better yet, contact your IT support team.

Have questions about how to keep your business safe from attacks like these? Contact us today.