Almost all of us have endured the nightmare of a broken smartphone screen, those annoying cracks that start small and then keep on getting worse. Now a new warning adds a dangerous new twist to the dreadful moment your screen stops working.

We’re all familiar with scareware. As Kaspersky explains, this is “malicious software that tricks users into visiting malware-infested websites… it may come in the form of pop-ups [that] appear as legitimate warnings from antivirus software companies… frightening users into paying a fee to quickly purchase software that will fix the so-called problem. What they end up downloading, however, is fake antivirus software that is actually malware intended to steal the victim’s personal data.”

Normally these come in the form of irritating popups as you use your phone or PC. They can be especially prevalent when you’re browsing certain types of websites that might have you more naturally on edge to begin with.

As spotted by one website and shared on Reddit, the broken screen and scareware have now been combined in the form of a mock-up of a broken screen: a kaleidoscope of flashing colors behind a popup warning that your phone is faulty and has been infected with a virus. There is also a helpful “Remove Virus” button on the popup.

Just as with more common forms of scareware, the button takes you to a faked copy of a well known antivirus brand, in this case McAfee. Once on the fake site, you may be asked to pay for services, to provide data or even to install software on your phone.

Clearly, the obvious error here is that the popup is not impacted by the faked broken screen, and once you click through to the antivirus site, the screen works fine. But the trick has gained a user’s attention and planted the idea of the infection. The use of a well-known brand name is intended to provide the required trust.

This scam is not targeting technically savvy users, who are unlikely to be tricked by anything less than the latest, greatest AI-infused phishing scams. But as one Redditor pointed out, “the type of people who these are targeting are people like our parents who aren’t too tech savvy and the elderly. I can see how they could fall for it and it could scare them into signing up for something malicious.”

The reality is that people in their tens of thousands fall for scams much more unbelievable and easily spotted than this. It’s all now done on an industrial scale, as this holiday season has shown all too well, with faked websites in particular surging, up 89% on last year according to Check Point’s latest research.

IBM warns that while “the earliest scareware attacks caused minor damage, scamming victims out of a few dollars for useless bloatware, today, scareware has become a vector for nastier cyberthreats like ransomware.”

As that Redditor commented, “the broken screen tactic is kinda genius imo.”
