Some websites and ads use techniques to manipulate you into thinking you are viewing a dialog from your system. These could be considered malicious at times. In some cases, they can be used to get you to click on or open malware. These ads used to happen only on desktop computers, but we are now seeing a new variety of them on mobile devices as well. I have collected many different types of examples so that you can know what they look like and prevent yourself from falling victim.
When done maliciously, these are often called scareware, because they are designed to scare you into taking action without taking the time to validate their authenticity.
Here the website displays a page that looks like a special browser page and then encourages you to download a security update that is a nasty trojan.
Image Credits: http://mikebeach.org/2011/06/14/example-of-a-fake-antivirus-web-page-with-screenshots/
It is important to note that these message dialogs cannot do anything harmful to you. They are just meant to scare or encourage you into making a mistake and downloading, clicking or opening something you shouldn’t. If you encounter something like this, close the dialog and leave the website.
Here is one that Windows users might find more convincing. Do you even notice the browser when first looking at this? The use of a fake explorer file browser behind the alert makes it look incredibly real.
Here are four scam examples from Apple’s support community that you could run into. Would you be tricked by any of these?
These sneaky, misleading attacks are now getting more sophisticated. An article from Terence Eden’s blog shows how a new feature for websites allows them to activate the vibration of your cell phone. Currently, you will only feel that vibration if a dialog or phone call comes from the operating system. But if a web page shows a fake look-alike dialog and triggers the vibration on your phone, you might be deceived into clicking something you shouldn’t have.
Another new sophisticated attack we might see takes over your entire screen. You’ll need to go to this site and check it out in action. You might think people wouldn’t fall for this type of trick, but after seeing a change blindness study done in 1998, you realize that more people than we’d like to think could fall for this when done well.
The “Door” Study (1:36)
Here we see an example of a malicious Firefox window compared to an actual one. Can you spot the differences?
Here are a couple of examples of a similar attack on Android phones.
Here we see the Windows Blue Screen of Death. Imagine this used with the HTML5 fullscreen exploit I mentioned above.
This type of scareware comes in all shapes and sizes. If you encounter something highly unexpected like this, take a moment and think it through. Use a second device and do some searching to see if it is authentic and valid. Help share this with people you know who might fall victim.