This week I was in a hurry and I mistyped the URL for CloudFlare. Usually that doesn’t result in anything except losing a minute or two. This time, I got an error screen and an audio message that said my computer was infected and to call tech support at a toll-free number. I’m seeing these fake alerts more often and they are getting harder to dismiss. That’s another clue these are fake messages.
I should point out these type of scams are probably being done by a small group of typo-squatters. They are trying to benefit from our spelling errors and scare us into buying a solution for a problem that doesn’t exist. While we can’t expect companies to buy every close combo of their domain name, we can learn how to deal with these annoyances. The first rule is to “stay calm and curse on”. OK, the cursing part is optional.
Breaking Down the Scam
What was interesting is after I typed the wrong URL, I was redirected and ended up on a totally different domain. For example, I mistyped Cloudflare.com but ended up on a domain that wasn’t the misspelled one. For safety reasons, I’ve blurred the address line in the screen snap below.
The URL is also interesting as they appended some data that the browser’s header sends to websites. This was probably done to make me think the message was credible. It included location information.
If you look at the white pop-up, you’ll see several places where they want you to call a “Microsoft Certified Technician”. I could be mistaken, but I’ve never seen a “blue screen of death” (BSOD) where a TOLL-FREE number was provided. Microsoft would typically say to contact your system administrator. You can click the image to make it larger.
It’s also interesting that they reference “Microsoft Certified Technician” as that doesn’t mean you’re calling Microsoft. At the bottom of the browser is another plea to call Microsoft although they use the phrase “Help Desk”. Toward the right side, they’ve tried to emulate some more Windows error messages.
Closing the Browser Tab
One nice feature of Google Chrome is you can usually close a specific browser tab even if it’s unresponsive. I’ve been able to use this technique on other scam alerts.
- While in Chrome, press your Shift + Esc keys.
- Click the Task column to resort the Task Manager list.
- Highlight the tab you wish to close. The tabs start with Tab:
- Click the End process button.
Even though you clicked “End process”, the browser tab still remains open. If you click the tab, you’ll see the famous “Aw Snap” message. From here, you can close the tab as usual.
Aw snap…it didn’t work
Sometimes the above steps don’t work and you can’t even bring up Chrome’s Task Manager or maneuver between tabs. The two options are to call these idiots and give them an earful. As much as that would probably make us feel better, I wouldn’t do it unless I was calling from a phone number that didn’t show up on their console. When you call toll free numbers, they may be able to pick up your number even if your Caller ID is blocked.
The second option is to close all browser tabs. Sadly, this means you may lose some data. If you’ve got some new site you just found and you’re worried you’ll lose the URL, Chrome History probably has it. In this instance, you don’t have control of Google Chrome so you’ll need to shut it down with Windows Task Manager.
- Press Ctrl+Shift+Esc
- Highlight Google Chrome
- Click the End task button
This will bring up Windows Task Manager. Your version may look different. I’m using Windows 10.
Those steps should end the immediate annoyance. The scammer’s tab is now gone but so are all the other open tabs. When you restart Google Chrome, you’ll probably get a message saying “Restore Pages? Chrome didn’t shut down correctly. Refrain from restoring these tabs as it will pull up the alert again.
Instead, simply click the X in the top right corner.
Finding Your Lost Tabs
If you need to find those closed tabs, all is not lost. Based on your settings, Google Chrome probably remembers the site. All you need to do is press Ctrl+H and this will pull up Google’s History panel. You can look through the recent entries and should be able to see your items.