National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

Η Εθνική Ομάδα Αντιμετώπισης Ηλεκτρονικών Επιθέσεων προβλέπει την αύξηση της ηλεκτρονικής ασφαλείας ενισχύοντας την προστασία του κυβερνοχώρου των Εθνικών Κρίσιμων Πληροφοριακών Υποδομών, των τραπεζών και των παροχών επικοινωνίας της Κυπριακής Δημοκρατίας.

Fake Windows 10 Desktop Used in New Police Browser Lock Scam

07 Ιανουαρίου 2020

Scammers have taken an old browser scam and invigorated it using a clever and new tactic that takes advantage of your web browser’s full-screen mode to show a fake Windows 10 desktop stating your computer is locked.

This type of scam is called a police browser locker. which pretends to be law enforcement locking your browser because due to illegal activity. These scams then state that if you pay a fine via a credit card, it will unlock your computer so you can use it again.

These types of scams are normally easy to detect as they utilize fake and suspicious URLs and allow you to use other apps on your computer even if the browser is locked.

Overlaying a full-screen Windows 10 Desktop image

To make it harder for users to identify these types of scams, attackers are tricking web users into visiting fake sites that display a full-screen image of a Windows 10 desktop with the Chrome browser open.

These fake Windows 10 desktop images will fill up the entire screen and pretend to display the web site for the country’s local police force. As the attackers are just displaying an image, they can also display the legitimate government URL to make it more convincing.

These fake web sites state that the police locked the user’s computer for conducting illegal activities such as viewing and disseminating pornographic images of children, zoophilia, and rape. Victims are then prompted to enter their credit card details to pay a fine of approximately $800.

windows 10 browlock

Fake Windows 10 Desktop shown by French browser locker

When displaying these screens, the scam will show different law enforcement web sites and languages depending on the URL visited or possibly what country you’re from.

Malwarebytes who first posted about this new technique saw this scam targeting web users from Qatar, UAE, Oman, Kuwait, and France.

For example, below is some of the text shown in the UAE variant of this scam.

“Your browser has been locked due to viewing and dissemination of materials forbidden by law of [country], namely pornography with pedophilia, rape and zoophilia.

In order to unlocking you should a [amount] [currency] fine with Visa or MasterCard.

Your browser will be unlocked automatically after the fine payment.

Attention! In case of non-payment of the fine, or your attempts to unlock the device independently, case materials will be transferred to [police_force_name] for the institution of criminal proceedings against you due to commitment a crime.”

If you enter your credit card details into this form, the attackers will automatically steal the payment information, which will then be sold online at underground criminal forums or used by the attackers for fraudulent purchases.

This tactic makes the scam more convincing

What makes this new variant of the police browser locker so clever is that when the image is shown by the browser in full-screen mode it overlays the entire screen, including the normal Windows 10 desktop.

This could cause users to think that the fake Windows 10 desktop image is their normal desktop. The difference, though, is that clicking on the Start Menu, closing apps, or starting new ones will not work.

What will be usable is an overlaid credit card form, which could make some users think that law enforcement has locked their computer until a fine is paid.

It is important to know that law enforcement will never lock your browser like this and then demand a fine be paid online.

If you ever see a message on your screen like this, press Alt+Tab to see if you can get back to your normal desktop or press Ctrl+Alt+Delete to open the Task Manager and terminate any browser processes.

The information contained in this website is for general information purposes only. The information is gathered from BLEEPING COMPUTER, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.


ENISA: Cyber threats require heightened defences

#CyberSecMonth 2017 - Cyber Security in the Home