'Google Security Warning' Scam

By GoldSparrow in Adware

Threat Scorecard

Ranking: 5,522
Threat Level: 20 % (Normal)
Infected Computers: 2,728
First Seen: August 18, 2017
Last Seen: September 16, 2023
OS(es) Affected: Windows

The 'Google Security Warning' scam imitates the legitimate warnings that Google Chrome shows when corrupted or untrusted sites are loaded in the browser. Con artists work with Web developers to publish pages that generate fake 'Google Security Warning' pop-ups and direct the user to call a toll-free number for help. However, the phone lines listed on the 'Google Security Warning' notifications are not operated by certified computer experts. In many cases, the variations of the 'Google Security Warning' scam are run by illicit companies in India that attempt to take advantage of inexperienced users who stumble upon the notifications. The Web pages that generate the fake messages include code dubbed a 'pop-up loop' that instructs the browser to keep the 'Google Security Warning' pop-up on the screen and prevents the user from leaving the page or switching tabs. As a result, some users may believe the 'Google Security Warning' messages, which read:

'Firewall detecting "suspicious" incoming network connections, we
recommend that you click on "Back to Safety"
Your computer is blocked!
Call now 1800-239-102
Your computer with the IP address [YOUR IP] has been infected by the Trojans Because System Activation KEY
has expired & Your information (for example, passwords, messages, and credit cards) have been stolen. Call the
Windows Help Desk 1800-239-102 to protect your files and identity from further damage.
call Now: 1800-239-102'

Consequently, a call to 800-239-102, or to other numbers advertised that way, would connect you to a con artist who will try to sell you a "Premium Technical Support" plan. Before getting to the sales pitch, the con artist will try to connect to your machine using a remote desktop tool under the pretext of needing to assess the situation on your end. If you grant remote access, the con artists are very likely to open the SysKey utility on Windows, lock your account and claim that you need to pay a few hundred dollars to have the system unlocked. The supposed technical support agent would make excuses and say that a virus has locked you out, and that it can be removed with help from the expert who happens to be on the phone with you right now. Cyber security researchers recommend that users surf the Internet using a trusted browser that has the latest updates to minimize the chances of opening a phishing page. AV engines that scan scripts on Web pages may bring up the following detection names in a warning box when you load the 'Google Security Warning' pop-ups:

  • Ransom:JS/TechBrolo.A
  • SupportScam:JS/TechBrolo.A
  • SupportScam:MSIL/Hicurdismos.A
  • Suspicious_GEN.F47V0429
  • Trojan.FakeAlert!8.56B (topis)
  • Trojan/Generic.ASVCS3S.448
  • Win32.Trojan.Rassmd.Auto
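
As an added illustration (not code from this page or from any AV vendor), the script below triages saved page source for the traits described above: the toll-free number and scare wording from the quoted message, plus a dialog call inside a loop or an unload handler standing in for the 'pop-up loop'. The indicator names, regular expressions, verdict labels and sample pages are assumptions constructed for the example.

```javascript
// Added example: static triage of page source for support-scam traits.
// Indicator names, regexes and verdict labels are assumptions, not vendor signatures.
const INDICATORS = [
  // Toll-free style number such as the 1800-239-102 quoted in the lure text.
  { name: 'toll_free_number',
    re: /\b1?[-\s.]?8(?:00|33|44|55|66|77|88)[-\s.]?\d{3}[-\s.]?\d{3,4}\b/ },
  { name: 'scare_phrase',
    re: /your computer (?:is|has been) (?:blocked|infected|locked)/i },
  { name: 'call_to_action', re: /call (?:now|the [\w ]*help ?desk)/i },
  // A modal dialog call shortly after a loop or timer header: the "pop-up loop".
  { name: 'dialog_in_loop',
    re: /(?:while\s*\([^)]*\)|for\s*\([^)]*\)|setInterval\s*\()[^]{0,200}?\b(?:alert|confirm|prompt)\s*\(/ },
  // Handler that interferes with closing or leaving the tab.
  { name: 'unload_trap',
    re: /onbeforeunload|addEventListener\(\s*['"]beforeunload['"]/ },
];

function scorePage(source) {
  const hits = INDICATORS.filter((i) => i.re.test(source)).map((i) => i.name);
  // Lure: a phone number presented together with alarm or call-now wording.
  const lure = hits.includes('toll_free_number') &&
    (hits.includes('scare_phrase') || hits.includes('call_to_action'));
  // Trap: script that keeps a dialog on screen or blocks navigation away.
  const trap = hits.includes('dialog_in_loop') || hits.includes('unload_trap');
  const verdict = lure && trap ? 'likely-support-scam' : lure ? 'suspicious' : 'no-match';
  return { hits, verdict };
}

// Constructed samples (not captured from a real page).
const SCAM_SAMPLE = `<html><body><h1>Google Security Warning</h1>
<p>Your computer is blocked! Call now 1800-239-102</p>
<script>
window.onbeforeunload = function () { return 'x'; };
while (true) { alert('Your computer is blocked!'); }
</script></body></html>`;
const LURE_ONLY_SAMPLE = 'Your computer is blocked! Call now 1800-239-102';
const BENIGN_SAMPLE = `<p>Contact support at 1-800-555-0100.</p>
<script>console.log('ready');</script>`;

const SAMPLES = [['scam', SCAM_SAMPLE], ['lure-only', LURE_ONLY_SAMPLE],
  ['benign', BENIGN_SAMPLE]];
for (const [label, src] of SAMPLES) {
  console.log(label, JSON.stringify(scorePage(src)));
}
```

A 'suspicious' verdict (lure text without trapping script) is worth a manual look rather than a block, since legitimate support pages also print toll-free numbers next to "call now" wording.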
