Phishing annoys me to no end. Don’t people have anything better to do than trying to steal from others or create chaos? According to this (old) article, the US and Korea top the list of countries for number of phishing hosts. And I can only assume that phishing has gotten worse in the last 3 years since this was published. Additionally, these days, Korea is undergoing a big change in the sophistication of phishing scams – particularly “voice phishing” (phone phishing) scams.
I even heard the story of one lady in Korea who received a phone call telling her that her son had been kidnapped, and if she ever wanted to see him alive again she must immediately transfer X amount of money into an unknown bank account. She did so, and hurried home to call the police (I assume). Upon arriving home she found her son watching TV and eating snacks. She cried out, “Are you OK?” to which he replied, “Of course, I just arrived home from school on the bus.” I don’t know all the facts about this story, or if it is 100% true or not, but the fact remains that it is 100% believable, because people do have a tendency to get fearful, emotional, and in a “fight-or-flight” mode when they think that something has gone terribly wrong.
So, in order to help other people not get into this same kind of fearful, emotional mode when surfing the Internet and a “Virus Alert!” pops up on their screen, I will break down the phishing scam that I encountered online today while looking for 2010 Olympics Coverage. With a little understanding of what to look for, more people would be able to avoid accidentally downloading virus programs that actually claim to be “virus cleaners.”
And for those who are convinced that viruses just “pop up” when they’re not looking, check out this post.
Oh no! Virus Alert!
When browsing the Internet today looking for the Olympics, I encountered one of these nice windows, claiming that I had a virus:
But notice up in the address bar that this isn’t a site I’m visiting, but rather a number: 220.127.116.11. A number like this is actually the IP address location of a computer, or router (typically, a wired router begins with 192.xx.xxx.xxx and your home, personal computer’s address is always 127.0.0.1). So, this Internet site, that claims I have a virus, isn’t really an Internet site at all, but seems to be a computer somewhere set up to transmit this warning (which will probably give me a virus if I click OK). Tricky, tricky.
Don’t Bother Me, Mr. Phisherman
I immediately realized that this is a phishing scam – it will tell me that it can fix my virus problems if I download a certain program, or pay for a certain program (funny thing is, many of these programs that suddenly pop up and say “Oh, no! Virus Alert!” will either install viruses of their own when you install them, or after you pay a certain fee, will really fix the viruses that they initially installed on your computer in the first place). Therefore, not wanting to deal with that mess, I just went up to close the window:
And it ignored my command by beginning its own “virus scan.” Hmm, any intelligent computer program will allow a user to do what he wants, even if it means doing something dumb, like opting out of a virus scan. The fact that this one just went ahead and performed a “scan” on its own, after I told it not to, confirmed in my mind again that it was phishing.
After exiting this site the first time, I even reloaded it, and it did the same thing. And gave me the same results. It’s a completely predictable program.
Scan Results, and a Windows Security Alert?
Of course, I knew it was a scam, so I tried to click the “X” to close out the window, and guess what it did? It popped open a very convincing looking “Windows Security Alert.” This one almost had me fooled. After all, I was using Windows XP, and this “Windows Security Alert” very closely matched what I’ve already encountered numerous times when Windows was dealing with viruses or trying to warn me of something. However, a few clues give away that this is only an image, and a link to begin a download.
- The first thing you can notice is that if you point your mouse up over the “X” to close the window, your mouse won’t be a pointer (as it would be if you were really closing a window), but rather a hand (depending on your settings) just like it would be if you were clicking on a link on the Internet.
- The second thing you’ll notice is down on my Windows Task Bar there is no box denoting the Windows Security Alert. Had this been a true Windows Security Alert, then a new window would have opened and been displayed in the Windows Task Bar (much like a new folder opening, or when the Control Panel opens). This gives the appearance of a Windows Security Alert, without ever opening a new window. It is completely contained within the Internet browser I’m using.
- Thirdly, you can notice the color scheme. My Windows Task Bar is black and has different styling from the original Windows set-up. However, this “Windows Security Alert” uses the same blue color that the original Windows install uses. Had it been a true Windows Security Alert, the styling of this window should match my own OS styling, right? The problem with all of the above clues is that most people just won’t notice them. Many people will continue to use the Windows default blue windows, and because those windows are so common, something that pops up and looks official and like a real Windows message will trick many people into thinking that it really is official, when it may be nothing more than an image on the Internet.
- Finally, the last clue as to the authenticity of this window is the fact that no matter what you click on here, whether the “X” to close the window, or the “Remove All” to “remove” your viruses, or the “Cancel” to get away from this, they will ALL pop up the next window, which prompts you to begin a download. I can only assume this was the “virus protection” that it claimed to provide.
Install NOTHING, Except from a TRUSTED Source
Many people would be tempted to click on this, download and install the program and run it, because they think that the computer is only trying to help them out, to warn them that it’s getting sick. However, the truth is that this download will probably not heal your “broken” computer, but rather infect it with a virus of its own. (I’ll bet the “infected” computer has no viruses at all, but this little install wants to give it one). If you look closely at the “From:” box, you can again see the same number as before: 18.104.22.168. So, this other computer wants to infect mine, eh? Not happening.
ALWAYS check the “From:” box for ANY download and install. Make sure they come from a trusted source. Even very safe sites occasionally get hacked, or have viruses accidentally transferred or installed. Therefore, you always want to be sure you know who or where you are downloading and installing something from.
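The address-bar observation earlier and the “From:” box check here come down to the same test: is the source a named site or a bare number? The following is an added example, not part of the original post. It runs that test with the standard URL parser; the function names are hypothetical and the sample URLs are constructed from documentation address ranges.

```javascript
// Added example (not from the original post). Sample URLs are constructed
// and use documentation/private address ranges, not the addresses in the post.
function classifyHost(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, as implemented in browsers and Node.js
  } catch {
    return { verdict: "unparseable", host: null, kind: null };
  }
  const host = url.hostname;
  // IPv6 literals keep their square brackets in url.hostname.
  if (host.startsWith("[")) return { verdict: "ip-literal", host, kind: "ipv6" };
  // After parsing, any numeric host has been normalised to dotted decimal,
  // so decimal or hex spellings of an address end up here too.
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(host);
  if (!m) return { verdict: "domain-name", host, kind: null };
  const [a, b] = [Number(m[1]), Number(m[2])];
  let kind = "public";
  if (a === 127) kind = "loopback";
  else if (a === 10 || (a === 192 && b === 168) || (a === 172 && b >= 16 && b <= 31)) kind = "private";
  return { verdict: "ip-literal", host, kind };
}

// Turn the classification into the warning a user should see.
function downloadWarning(rawUrl) {
  const r = classifyHost(rawUrl);
  if (r.verdict === "unparseable") return "Cannot read this address: do not download.";
  if (r.verdict === "ip-literal") {
    return `Source is a bare ${r.kind} IP address (${r.host}), not a named site: do not download.`;
  }
  return `Source is ${r.host}: download only if you recognise and trust this name.`;
}

// Constructed sample inputs: three spellings of one address, then a named site.
for (const u of ["http://203.0.113.100/scan/setup.exe", "http://3405803876/setup.exe",
                 "http://0xcb.0x00.0x71.0x64/", "https://www.example.com/download"]) {
  console.log(u, "->", downloadWarning(u));
}
```

Because the parser normalises the host first, an address written as a single decimal number or in hex is reported in the same dotted form as the plain one.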
Close all the Phishy Windows
Close that download.
Then, since it still shows the site and the “Windows Security Alert,” close the whole tab, or the whole Internet Explorer program if you need to.
But notice, the tab didn’t close.
It just changed the tab I’m viewing. Click on it again and notice that the site will throw one last trick at you, to try to get you to stay here and download the junk it wants you to.
Ignore that warning, close the window and get out of there.
Finally, Check it Yourself
And then, just to be on the really safe side, go ahead and open your antivirus program of choice (mine is Avast), and do a virus scan of your discs.
Most likely, you will find that you have no viruses (or at least, no new viruses, and definitely not the crazy amount of viruses that Internet “program” claimed to have found). Now, relax and enjoy some peace of mind as you’ve discovered how to “best the beast” and avoid Internet Virus Phishing Scams.
Was this article helpful?
Have you ever been caught in a phishing scam? Have you downloaded a program that claimed to fix your PC and then just ended up breaking it? Hmm, why not switch to a Mac?… Not so many virus problems there…
Here are some good FREE antivirus programs: