Post AcLPt40aRFsMpTZfto by mttaggart@infosec.town
Post #AcLGBpmuXGBogYUPNQ by mttaggart@infosec.town
2023-11-30T19:32:56.555Z
0 likes, 0 repeats
We've all seen these, and #CyberSecurity / #InfoSec pros can roll their eyes at how lame a gimmick this is. But users are legitimately scared by these, and the lures work. One reason is that there is some annoying JavaScript in these pages that 1) Fullscreens the page, 2) disables most keyboard inputs, and 3) disables right-clicking on the page. While the Escape key will un-fullscreen the page, most users don't know how to use the Escape key. Arming users with knowledge about how to recognize this specific scam would do a lot of good for a lot of orgs. Before the phone call happens to that fake support line, there's a window for prevention.
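As an added illustration (not code from the thread or its posters), a small Python heuristic that flags a page combining the three lockout tricks described above, fullscreen, keyboard suppression and right-click suppression, plus a "call support" lure; the indicator names, scoring and the two sample pages are constructed for this example.

```python
import re

# Patterns for the browser-lockout behaviours the post describes. Any one of
# them is common on legitimate sites (video players go fullscreen, games
# capture keys); all three together on a page that tells you to call
# someone is the tech-support-scam signature.
INDICATORS = {
    "fullscreen": re.compile(
        r"requestFullscreen\s*\(|webkitRequestFullscreen|mozRequestFullScreen", re.I),
    "keyboard": re.compile(
        r"['\"]key(?:down|press|up)['\"][^;]*?preventDefault|onkey(?:down|press|up)\s*=", re.I),
    "contextmenu": re.compile(r"['\"]contextmenu['\"]|oncontextmenu\s*=", re.I),
    "call_lure": re.compile(
        r"\bcall\b[^<]{0,60}\b(?:support|microsoft|technician)\b", re.I),
}
LOCKOUT = {"fullscreen", "keyboard", "contextmenu"}


def assess(html: str) -> dict:
    """Return the matched indicators and a coarse verdict for one HTML page."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    lockout_hits = LOCKOUT & set(hits)
    if len(lockout_hits) == 3:
        verdict = "likely-scam"          # full lockout combo, as in the post
    elif len(lockout_hits) >= 2 or (lockout_hits and "call_lure" in hits):
        verdict = "suspicious"           # partial combo, worth a human look
    else:
        verdict = "benign"               # a lone fullscreen call is normal
    return {"indicators": hits, "verdict": verdict}


# Constructed sample: the lockout combo plus a lure (placeholder number).
SCAM_SAMPLE = """<html><body><script>
document.documentElement.requestFullscreen();
document.addEventListener("keydown", function (e) { e.preventDefault(); });
document.addEventListener("contextmenu", function (e) { e.preventDefault(); });
</script>
<p>Your PC is locked. Call support now at [PLACEHOLDER-NUMBER].</p>
</body></html>"""

# Constructed sample: a video page that only offers a fullscreen button.
BENIGN_SAMPLE = """<button onclick="player.requestFullscreen()">Fullscreen</button>
<video id="player" src="talk.mp4"></video>"""

if __name__ == "__main__":
    for label, page in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, assess(page))
```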
Post #AcLHzayrxhqVCANIVE by kevinmirsky@infosec.exchange
2023-11-30T19:51:52Z
1 likes, 0 repeats
@mttaggart I'm trying to think of a concise way to teach someone to recognize these as scams. Do you think it's as straightforward as "if something scary pops up and says to call Microsoft, it's almost definitely a scam"?
Post #AcLI2RwW1O8K27dPuK by mttaggart@infosec.town
2023-11-30T19:53:39.039Z
0 likes, 0 repeats
@kevinmirsky "Microsoft will never ask you to call," yeah.
Post #AcLOnFSWqugoeRJ79U by kevinmirsky@infosec.exchange
2023-11-30T20:03:35Z
0 likes, 0 repeats
@mttaggart Perhaps this is picky, but Microsoft does offer phone support through its "Get Help" app, though how many people would get to this is a different question... If I wanted to be nuanced, maybe saying "...without you actively seeking out support"? But maybe that nuance is counterproductive. (I'm quibbling over this because I'm putting something together for our non-techies to keep themselves safe!)
Post #AcLOnGW6v59HvpzUNE by Upper2473@mas.to
2023-11-30T21:07:03Z
1 likes, 0 repeats
@kevinmirsky @mttaggart in my opinion “will never ask you to call” still works, because even if they offer a support number, they are not actively asking you to call it. It’s always on the user to decide whether they have an issue for which they want to contact the support.
Post #AcLOoTqwp1NdaBJglU by mttaggart@infosec.town
2023-11-30T21:09:34.182Z
0 likes, 0 repeats
@Upper2473 @kevinmirsky ^ Exactly. And guess why this is the pipeline
Post #AcLOrCcbLPJz0cu7Mm by Upper2473@mas.to
2023-11-30T21:02:44Z
1 likes, 0 repeats
@mttaggart I wish JavaScript wasn’t overused for even the simplest kinds of pages, and disabling it could be a useful tip for the average user. Now you can’t really recommend it as it’ll break so many sites, even if it could prevent scams like this.
Post #AcLOy7RR0CIEyDyl1M by mttaggart@infosec.town
2023-11-30T21:11:19.203Z
0 likes, 0 repeats
@Upper2473 I agree, but it wouldn't really prevent those scams the way we think. The fullscreen, right-click stuff? That's to mess with IT folks as much as anything. A minority of users would be less tricked by these popups if they just appeared as a tab.
Post #AcLPhGXvztbqEvXyFc by kevinmirsky@infosec.exchange
2023-11-30T21:18:35Z
1 likes, 0 repeats
@mttaggart @Upper2473 very fair points!
Post #AcLPt40aRFsMpTZfto by mttaggart@infosec.town
2023-11-30T21:21:32.657Z
0 likes, 0 repeats
@kevinmirsky @Upper2473 I'll also just note that the attack chain here is: Evil Popup → Phone Call → Install Remote Access Tool → Crimes. So we have 3 opportunities to knock this down, and any enterprise system should have rock-solid policies preventing the installation or usage of remote access tools on endpoints. But I know that's a pipe dream.