Imagine this: one minute you’re checking your email, and the next, your browser is completely locked. If that wasn’t worrying enough, whenever you click your mouse, a warning sound plays and your current IP address is shown prominently on your screen. No, this isn’t a ransomware attack where you’re locked out of your files by hackers. Instead, it’s a new scareware attack currently making the rounds online where scammers try to trick you into picking up your phone and calling them.
As reported by Cybernews, 2.8 million people have been targeted by this attack since the beginning of this year. Dubbed CypherLoc by security researchers at Barracuda, it uses a combination of phishing, malicious code and social engineering to get potential victims on the phone. From there, the scammers on the other end can get all sorts of personal and financial information out of them or even launch follow-up attacks.
Here’s everything you need to know about this new scareware attack, along with some tips and tricks to help you avoid falling for this scam and others like it in the first place.
Socially engineered panic
Just like with many other attacks, this one begins with a phishing email in your inbox. According to a blog post from Barracuda, there’s either a malicious link in the body of the email or one included in an attachment.
While you should never click on links in emails from unknown senders, those who do in this case are taken to a webpage that appears harmless at first glance. However, it gradually transitions into a scareware page once triggered to do so.
Within the page, there’s a hidden, encrypted payload that executes the scareware. Before it can be decrypted and launched, though, the site checks to see if it is being run in a testing environment (usually by security researchers), and if so, a blank screen appears instead. This helps CypherLoc avoid detection.
On an ordinary user’s computer, though, the page will transform into a scareware interface that locks their browser, shows alarming-looking security messages and urges them to contact tech support immediately to fix the issue.
Although the tactics used in this campaign are similar to a ClickFix attack, the scammers behind it have a few more tricks up their sleeves to coerce potential victims into calling them. In addition to fake login forms to appear more legitimate, the most surprising one is that this fake page plays a warning sound whenever a user clicks, switches to full screen or tries to reload. Then, to make things personal, CypherLoc retrieves and then displays a victim’s public IP address on its scareware page.
Between showing a user’s IP address and random alarm sounds playing from their browser, this will usually be enough to convince potential victims to call the phone number that appears on screen. If they do so, they’re met with scammers posing as Microsoft tech support, which is likely enough to convince many people to hand over sensitive details they would have ordinarily kept private.
How to stay safe from scareware
Scareware is often a last resort to trick unsuspecting users into doing something they normally wouldn’t. However, by practicing good cyber hygiene from the start, you’re much less likely to actually end up on one of these fake but equally terrifying pages.
So how do you avoid falling victim to CypherLoc? Well, you need to be extra careful when checking your inbox, social media and even your text messages. Given that almost anyone can contact you these days, you want to be on the lookout for messages from unknown senders and this is especially true with ones that invoke a sense of urgency to get you to click or call. You also always want to avoid clicking on links or downloading attachments from unknown senders.
Carefully checking your inbox while keeping a level head about you will only take you so far and of course, we all slip up at times and make mistakes. That’s why it’s important to protect your computer from malware and other viruses by installing the best antivirus software. If you want to take your protection to the next level, though, you may also want to consider investing in one of the best identity theft protection services, as they can help you recover your identity and any funds lost to scams. Many identity theft services also include an antivirus, so while you’re paying slightly more for one of them, you often get multiple layers of protection in a single subscription.
Given that security tools have become so advanced recently, scammers and other cybercriminals now need to be a lot more creative in their attacks. CypherLoc is a great example of this, and another reason why you need to stay on your toes whenever you’re checking your email and other messages.
Although we don’t know who the scammers behind CypherLoc are targeting specifically, I’ll update this story when and if we find out more.
Follow Tom’s Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds. Subscribe to Tom’s Guide on YouTube and follow us on TikTok.