Tech Support Scam That Locks Victims’ Web Browsers Resurfaces

A tech support scam observed in May 2016 has resurfaced, locking web browsers and displaying a fraudulent warning after a victim navigates to a malicious or compromised website. The scammers, who masquerade as the fraudulent company “GeeksHelp,” are reportedly behind the campaign and claim to provide support for either Microsoft or the antivirus vendor, Malwarebytes. If victims call the number displayed on the alert, a scammer pretending to be a technician will answer and prompt them to download remote access software. This software allows the scammer to take control of victims’ computers. Once the scammers have control of the systems, they try to bilk the unwitting victims out of hundreds of dollars to unlock the browser.The NJCCIC recommends never installing remote access software onto systems at the request of an unsolicited phone call or pop-up message on your computer. To close a locked web browser, press Alt and F4 on a Windows system or Command-Option-Esc on a Mac. If you have installed remote access software onto your system at the request of these or other malicious actors, we recommend uninstalling it immediately and performing a full system scan using a reputable and up-to-date antivirus software solution.