|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
.Chantal Bosse posted this up on a forum I’m a member of and it’s the first time I’ve seen a scam site use Microsoft logos so overtly. Chantal indicate
[See the full post at: Patch Lady – would you fall for this?]
Susan Bradley Patch Lady/Prudent patcher
On a bad day, where I’d had not enough sleep, perhaps. But for me, the quickest way to ID scam sites is just a cursory grammar and language check. I get all kinds of Apple-imitation spam in one of my spare email accounts, and they look very official, until you take a dedicated look at the grammar in the message, and realize that the pluralizations and tenses don’t add up.
This site throws up all sorts of flags just from awkward capitalization, bad sentence structure, and weird phrasing. “Why we blocked your computer?” isn’t something you’re going to read on an official page, and they can’t decide whether “Blocked” should be capitalized or not. I’d be interested in reading the rest of the message hidden by the dialogue box.
On top of that, the warning really doesn’t make any sense. “The window’s registration key is illegal.” The registration key is for the OS, not the window, and if they mean the OS, it should be capitalized, and not possessive. And how is a “window” using pirated software?
The scam sites are getting very good at mimicking the overall look of who they’re trying to imitate, but either the artists involved or the auto-translate engines aren’t up to snuff for making believable content.
Where this becomes concerning though is when you have this happening across multiple languages, like shown in that image. Receiving a very official looking bunch of gibberish in English may not throw up any warning flags to someone who isn’t fluent in the language.
Doing a search on 1-888-616-0526 and that turned out to be mighty interesting:
“Total scam. Do NOT call them. I run LInux and it tries to tell me I have a virus on Windows and if I do not call them they will lock computer and notify the authorities of my I.P. address. ROFL. If you run Linux, open terminal, type xkill and click on the window to close it. If running Windows, ctrl+alt+del to open process explorer and end the process from there.”
Admitting up front, I may be an Ugly American who is not familiar with the look and feel of Microsoft pages in other language selections. But I note Chantal’s screenshot is from a native setting of la langue français (hope I did that right).
So the first telltale for me is the awkward mix of American style English within the French text in the popup message. And the European format for an American phone number within the apparently American style page. Also, it is notoriously difficult to get a phone number for Microsoft, so that would stand out to me as well. Having keyed to these elements, the next step is looking at the URL.
But the logos are visually convincing.
Well, I wouldn’t. There are a ton of red flags in the above-referenced image if you know what to look for. The URL does not list a Microsoft domain, the page has several grammatical errors (Microsoft knows Windows is spelled with a capital W and does not have an apostrophe), and MS doesn’t pop messages up in browsers (even their own) when the Windows product key is deactivated OR when a virus is detected (and this thing can’t seem to decide which one is the problem, so it just throws them both in).
The thing about it looking legitimate with the logos and the font and such is exactly the wrong thing to be looking at, as it’s the thing most easily faked. The actual Microsoft site is out there where anyone can see and copy it, so making a lookalike that looks real isn’t difficult.
If people are to be trained how not to fall for scams (and it’s really, really hard, because people’s eyes glaze over about 1 ms into any discussion about net safety… most have no desire to learn about this stuff, and you can’t help them be safe if they refuse to learn how), they have to learn to ignore a page’s “real” look and hunt for the cues that really matter. “That’s not how this works” and the domain mismatch are the big ones. It may be true that people shouldn’t have to understand how these things work in order to use them safely, but what should be and what is are two different things.
I think the difficulty comes in trying to teach people the red flags that denote a fake up front. Maybe the better way of doing it is to tell them they’re ALL fake. Maybe the best way is to say that any web page that pops up any kind of a dire message should be immediately judged to be a scam until proven otherwise (I can’t actually think of an instance when the proven otherwise thing ever happened). Whether it’s the one claiming to be the FBI (which I’ve seen) or a virus one or a pirated Windows one or a Firefox one claiming there’s an urgent security patch I simply must install right now (which I’ve seen), or any other scary message, they should all be considered fake just as quickly as we come to the same conclusion when we see a six or seven foot tall T-rex with a floppy neck and a decidedly printed-fabric looking skin inside a building. If you don’t think at first it might be an actual T-rex and then think it might be a fake one, don’t do the same with any web site that tries to scare you. Fake, fake, fake! Anything that tells you not to close the page or navigate away is telling you “This is fake.”
It won’t be easy. Some people don’t even know what a browser is, so how can they be expected to reject a fake popup in a browser window and not think it’s part of the operating system? The lines between web pages, the browser, and the operating system are obvious to those of us who are fairly savvy about computers, but people who don’t understand don’t necessarily know the difference. These are the people that the scammers hope for.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)
Years ago there used to be a telephone scam where, after several seconds of complete silence, someone with a not-from-around-here accent will tell you that your computer had a serious problem that they, at MS, had detected and were calling to let you know and help you fix it by following their instructions over the phone… And you could hear the sounds of a phone bank hard at work in the background.
I got a few of those calls, and invariably thanked the caller and, quite politely, interrupted his probably long spiel to tell him I didn’t really care and was, in fact, very glad to hear that particular computer had a big problem, because it was the computer of my ex, then said good bye and hanged up on him.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Another way to reset the browser is to follow this advice in resetting and deleting certain files.
That’s quite old (March 2016) and very complicated advice about how to reset Edge.
Since at least a year ago, there are options to Terminate, Repair, or Reset Edge at Settings > Apps > Microsoft Edge > Advanced options:
Microsoft Edge support: What to do if Microsoft Edge isn’t working
In a world where we weren’t constantly inundated with so much and frequent change people could come to know what to expect – and what not to expect!
As it is, now people become numb to having new hoops they have to jump through, not to mention always having to do way too many things instead of what they’d prefer to be doing.
There is NOTHING about modern trends that make the “most secure” anything! People grow weary of change. The page designers of this particular scam and many others understand this very well!
But before even considering “would I fall for this?”, you should question why, in this day and age, a user’s browser was able to get data from such a web site in the first place? You can’t “fall for” a scam that can’t get into your computer system to begin with or which, if it does get in, can’t appear to take over.
My systems, all of which use a DNS proxy server I have put in place on my LAN, would have put up a blank page. Why? Because I have a number of protections in place that use freely available downloadable blacklists to prevent access to known bad websites.
If one of my systems actually had been able to visit a (brand new, not yet on blacklists) server hosting badware indirectly via ads or 3rd party scripts (e.g., “drive by”), the scripts and/or executables simply wouldn’t run. Why? Because the very few browser add-ons I have installed (uBlock Origin, which uses blacklists, and uMatrix, which is deny-by-default) in my non-Edge web browser would have blocked them for several different reasons.
And of course my settings preclude a browser being forced by a site to full-screen, appearing to take over. This is one of the reasons in the past I always thought Internet Explorer was better than Edge – it sported more specific configurability. There were good reasons for those many options to exist! To be fair, I don’t know if there’s currently a setting somewhere in Edge that would preclude a site forcing the browser to full screen, but there certainly ought to be!
Typical browser settings and antivirus software aren’t a good enough answer in themselves. SmartScreen helps but the implementation isn’t optimal, and you have to consider whether you trust the source.
By the way, the IPFingerPrints site puts the geographic location of the specific site listed in Susan’s screen grab in the middle of a lake near Wichita, Kansas. 🙂
Good for you, Susan, for passing along specific information to help people recognize what to be wary of.
-Noel
By the way, the IPFingerPrints site puts the geographic location of the specific site listed in Susan’s screen grab in the middle of a lake near Wichita, Kansas.
… which is the default pin location for the U.S. geographical center, since the nearby family farm sued the mapping company due to the constant stream of law enforcement visits and random abuse:
Lawsuit: How a quiet Kansas home wound up with 600 million IP addresses and a world of trouble
Maybe they are on their yacht in the middle of the lake when they send this stuff out!
It’s easy for me to say that I wouldn’t, but I know my dad and my grandma are not very well versed with scams, so they might actually fall for them. I’ve told my dad about scams but he seems very slow learning in this field, so I’m worried he might actually give out personal information in a phone or Internet scam.
The best defense against scam, aside from blacklisting these sites so they don’t appear at all, is to know how to spot scams.
I really wish they taught this stuff in schools; it’s absolutely essential that children become good at catching scams in a world that revolves around using the Web.
Last nights news stated that Americans were bilked out of over a billion dollars last year alone.
If we were to invest that billion dollars in a good scammers prison and throw them all in there as we catch them and equip each and every cell a telephone along with a Russian phone book, it might just make a small difference.
I use Firefox. I frequent both yahoo sports and yahoo finance. That’s where I’ve been getting these types of full page warnings.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
