Notifications in google chrome security issue

over the last few weeks I have had 4 totally different clients in my workshops with similar issues over the computer being taken over by someone else, so thought I would share and warn.

First was a Windows user, on a web site looking for something, screen changed and she got a warning to phone a microsoft number, not knowing any better she did just that, technician at other end took over her compuer at a distance, asked for her card details to pay for the repair and then an hour later the bank she uses phoned to say strange transactions on her account so card blocked. informed the police and asked the local council age concern section for help. Thats where I came in, virus checked and very badly infected so solution was Linux and jet Windows.

Second was same message, client phoned number and was asked for card number etc, she then realised she did not have Windows but was a Linux user so phoned me instead. I checked her machine, no virus found of course but every time she used Google Chrome message about Microsoft and Number came up, installed a pop up blocker, no effect same message, checked extensions no extensions, message continued, so finally looked at Notifications and she had said Yes to a Notification from what she thought was yellow pages, but in france its not called that its called White pages, so killed the notification problem went away. Checked the Yellow Pages web site and it was very clear it was a con and she should not go on it.

Third was a client who got the same message so she switched of and has not used the computer since, using her phone instead, thats waiting for me to sort it.

Finally the forth, the sister of number 2, she does have windows so called the number, but luck was on her side as her son was with her and realised the scam so stopped her giving her details and took the computer to the shop where she bought it and they re installed wndows for her (at a price of course)

so comments
Dont call a number on a screen or give your card details
check Notifications, popups and extensions
not just Chrome, but Firefox, opera, safari can have the same issue
These scammers are getting in everywhere and it gets harder to trap, not just virus, spyware, malware …

Its really sad that older people are being scammed buy crooks all the time, we rely so much on technology now for holidays, tax returns, government functions etc.

A word of warning

There have been warnings here about Chrome on Android being affectected.
I stopped using Chrome.

[quote=“Paul, post:1, topic:12059, username:callpaul.eu”]
Dont call a number on a screen or give your card details
check Notifications, popups and extensions
[/quote]j

Good advice.

How do you stop it getting in , in the first place?
Dont use extensions maybe?
Use the browser in firejail?

Its Notifications in this case and user is asked do you want them not found a disable notifications option yet but guess they will exist

Problem is you say no and you dont get in the site

It seems they are using fake Chrome updates to infect the browser.
That may be a threat, even if you dont answer malicious popup notifications.

I dont understand how someone can fake an update. There must be some security hole in the update system

All those links are about Android… now @callpaul.eu reports it happening in Win and Linux computers. Not sure how it gets into those?

A friend of mine reported that one of his customers had a similar message. The end user was in a different state. I couldn’t directly help but recommended they did NOT call the number. Worst case, take it to Best Buy or a similar repair shop.

With windows quite easy as people get software or updates from any web site, one of them showed me where 01.net which is an extreamly popular french site. I tried to explain get google chrome from google not 3rd party, but her reply was look at all the other software available and all the logos of companies. She just coukd not follow my logic.

I even have users trying to get software from the internet for linux instead of the repositories then ask why a different format does not work on mint. Yet they are happy to use android store which is almost the same.

User education and stop the know it all down the road who does it all the time.

This is the problem and how people are targeted, as average Joe does not know about being safe online, they follow bad practice, then wonder why they have been infected or scammed. How to drum into people the dangers and teach them good, safe computer practice? They rely too much on their antivirus, or do not run any antivirus at all on their Windows machines.

Plus how to teach them to look after their Laptops? Don’t pick it up by the open screen and swing it round like a cat. Always do a full shutdown not just closing the lid, as it’s in suspend mode and still using power, which in turn is running down the battery.

Google Chrome is crap, use Brave instead, which is Chrome based, but with added security and inbuilt ad-blockers, that give the user a better experience overall. Same can be said with Firefox, but for ad-blocking have to install add-ons, but both of these browsers stop trackers and block anything nasty, or at least try to.

I’d like to tie these scammers up, put them in a field and throw rubber grenades at them and watch them wet themselves.

That is the answer I was looking for.
Best Linux preventative action is to use distro managed repos.

More good preventative action

What should Android users do?
I can avoid Chrome, for a start.

What really makes my blood boil is when they attack hospitals or similar institutions which offer a service public and hold them to ransom.

Or play on weak, vulnerable or older people

Microsoft calls end user …

Dont like to labour a point but dropped on this video about the subject