• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Google Chrome Critical Error Scam

I was logged into Washington Post today. I just recently did a clean install of Windows 7 64 bit a couple of weeks ago and have only bare bones items installed including Firefox which is my primary browser. The comments on Washington Post don't work correctly in Firefox so I installed Chrome. The only extension I installed was LastPass. Even though I'm a subscriber, WaPo does have some ads, even on my profile page where I was accessing the summary of my comments. I right-clicked to load a particular comment in a new tab (not an ad) and the new tab displayed the Google Chrome Critical Error Scam error instead.

The whole screen of the tab was red colored with the following scam message text:

Google Chrome Critical ERROR

This was a dangerous try to get an access to your personal logins & bank information.
Luckily, your Firewall managed to block this suspicious connection.
We recommend you to freeze your accounts until some measures will be taken.
There is a great threat of leaking of your personal data.
So, you need to respond swiftly!
Trojan Virus may have already hurt your hard disk and its data.
That is why we are checking and verifying your current system security
Do not waste your time and consult one of our service centers or call us.
Contact Number: +1 (888) 563-5234 (TOLL-FREE)

_________________________________________________________

Contact Microsoft Support: +1 (877)527-9459 (TOLL-FREE)
_________________________________________________________

Your urgent response is needed.
To deal with this problem, contact our network administration.

[Button in lower right corner that says "Call Help Desk"]

There were no suspicious processes running, no suspicious programs installed in Control Panel, Windows is always 100% up to date, and Norton has always been installed and running, and as I said it's a clean Windows install with barely anything installed. So how can I get this phishing scam popup? I read in another thread a user said that it can be triggered by an ad and to disable Java, but I don't even have Java installed, nor do I have any other extensions installed except for LastPass. I need and want to know how this could happen as I consider it an invasion and would like to be able to avoid it from ever happening, even though I'm educated enough to recognize such schemes and not fall for them. Not to mention it froze the browser as well which greatly upset me. When I reloaded Chrome, I clicked to restore the tabs and it froze again. I didn't see an option like Firefox has that allows you to check and uncheck the tabs you want to load to avoid this type of problem so I had to reload it again and just not reload the tabs.

I've used the system for a couple weeks with Firefox and had never had any problems. This only happened immediately after installing Chrome. Do any of you know how this can happen?

I appreciate any help or information that you can offer!

Replies

Kudos0

Re: Google Chrome Critical Error Scam

It is probably JavaScript, which is in no way related to Java.

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Google Chrome Critical Error Scam

An ad blocker installed in your browser can help stop these redirects. And I believe Krusty13 uses NoScript which should also do the same for you.

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: Google Chrome Critical Error Scam

NoScript works great in Firefox.  I use ScriptSafe in Chrome which does a similar thing.

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Google Chrome Critical Error Scam

Hello

For some back up information about the browser protections available to block the browser activities, please see this article.

https://krebsonsecurity.com/2011/05/blocking-javascript-in-the-browser/

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.14.0.54 Core Firmware 237 I E 11
Kudos0

Re: Google Chrome Critical Error Scam

Thank you all for your input!

1. I wonder why this has never happened in Firefox? I mean nothing like this has ever happened to me before, but I've always used Firefox. Do you think it's because Firefox is more strict when it comes to security? It does natively block popups but I am not sure if this is considered a popup or not since it opened in a tab of its own. I opened several things in tabs at once and so I'm not sure if it opened the scam tab INSTEAD of the browser or in addition to opening the legitimate link I had intended to open?

2. How and where in the process does the ad get redirected? I'm curious about how things work and I have a lot of experience with building and fixing computers as well as database creation and some programming but not in a browser setting. I mean who's fault is this? Is it Washington Post's fault or the ad server has been hacked or what? Can anyone give me a general idea of how this happens?

Thanks again!

Kudos0

Re: Google Chrome Critical Error Scam

Iconoclast

1. If you check the link in floplot's post, you will see that Firefox has more layers of permissions for JavaScript. Maybe the default setting is more restrictive than the default Chrome setting.

2.  After a malicious ad is loaded, the JavaScript will run if the browser's JavaScript settings allow it. Then the redirect is done. Many/most web sites use ad services, so they are not directly involved in the decision of exactly what ads are loaded into their web page. The ads often rotate, so you may not see the redirect until some time after getting to that web site. So it would appear that the ad service is not diligent enough, or not willing to properly scan the ads they provide.

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: Google Chrome Critical Error Scam

Comments pages can be susceptible to embedded scripts.  Most websites that allow comments, such as forums, etc., have measures in place that prevent users from posting JavaScript code, but it is possible that something got missed and a comment on a page you visited was malicious.

All browsers run JavaScript natively by default, since virtually all websites use it.  You can limit which sites are allowed in Firefox by using the NoScript extension (Firefox no longer has any user options to disable JavaScript), but I believe Google Chrome still permits you to allow JavaScript on a site-by-site basis.

Kudos0

Re: Google Chrome Critical Error Scam

Hi     I'm a baby at computers.  I have also never made a comment before.  Today I got this scam and fortunately I know just enough (by now) to "unplug" my computer and hope for the best instead of making the directed call.  The reason I actually made it to this column is that I punched the phone number they left into the search bar and found out that it was a scam and that people know about it.  

You guys all seem to be in touch with Norton ("Community") and I'm not understanding why your quibbling about what could be the problem.  Isn't that what Nortons supposed to do?  These boys (Norton) make Mega money.  Good for them.......   They have to, however, use the profits that they make to guard us far, far more carefully than this.   I don't want to learn this stuff, that's why I pay them and,again, they have great profits.  I am a  businessman so don't peg where I'm going as "anti-profit" stuff.  

Obviously they bad guys stalled my computer in its tracks BUT ... after I rebooted.... why was there not a note from Norton explaining they realized what had happened and what I should do about it?. I could add many more "whys?" for Norton.                   I say this without knowing how long this problem has existed and without knowing that....perhaps....they usually solve such issues in a day or 2.  

I realize how simplistic what I am saying is.  This is outt'a my league. Where is the "bitchers" community, if that's where you need to send me.  .  

Kudos1 Stats

Re: Google Chrome Critical Error Scam

 BUT ... after I rebooted.... why was there not a note from Norton explaining they realized what had happened and what I should do about it?

There is nothing for Norton to catch in this situation as the code is on the website, it is not something that gets downloaded to your computer. Legitimate browser redirects are common, so it is difficult to know which ones are malicious. As SendOfJive notes, all web browsers use JavaScript, and almost all web sites use it. So if Norton were to block all JavaScript, your internet experience could be almost crippled. 

These scams are usually caused by malicious ads on a web site you visit. The site owner does not usually control the ads displayed on their page as they use a service that sends ads for their pages. As suggested above, an ad blocker installed in your browser can help stop these kinds of scams. 

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: Google Chrome Critical Error Scam

baby baby:

Isn't that what Nortons supposed to do?  These boys (Norton) make Mega money.  Good for them.......   They have to, however, use the profits that they make to guard us far, far more carefully than this.   I don't want to learn this stuff, that's why I pay them

Actually Norton does a very good job of blocking known threats and bad websites.  The key word is "known."  The problem is that the bad guys do not leave their malicious code up on one website for long.  They are constantly changing the addresses of the sites hosting the threats, so they stay one step ahead.  As peterweb explained, Norton can't just block any JavaScript or redirect as that would break 95% of the websites you visit.  While I am sympathetic that not everyone wants to be a cyber security expert, it is nevertheless true that you should learn at least a little about this stuff so you know the limitations of security software and a few basic steps that users should take to stay protected online, such as the aforementioned use of an ad blocker.