We discovered a new technical support scam (TSS) campaign that uses an iframe in combination with a basic authentication pop-up to freeze a user’s browser. Since this technique is new and unfamiliar, it can potentially evade detection. Like many TSS campaigns, it disguises itself as a legitimate or well-known brand’s service provider to lure its victims. This campaign in particular impersonates Microsoft.
Its URLs show a webpage disguised to look like a typical Microsoft tech support page. However, the page hides several different functions. Entering any of the involved URLs opens two pop-up windows: one that asks for user authentication and another that simply urges users to ask for technical support. By then, the user has unknowingly entered a loop.
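A browser raises a basic authentication pop-up when a response carries status 401 with a `WWW-Authenticate: Basic` challenge, so a loop of such prompts coming from a framed page leaves a recognizable pattern in web proxy logs. The following detection sketch is an added example, not code from the original report. It assumes the proxy records the response's `WWW-Authenticate` header and the request's `Sec-Fetch-Dest` header; the log layout, host names, threshold and time window are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed proxy log records (not taken from the campaign):
# (epoch_seconds, client_ip, host, status, WWW-Authenticate, Sec-Fetch-Dest)
SAMPLE_LOG = [
    (1000, "10.0.0.5", "support.example.test", 200, "", "document"),
    (1001, "10.0.0.5", "support.example.test", 401, 'Basic realm="x"', "iframe"),
    (1003, "10.0.0.5", "support.example.test", 401, 'Basic realm="x"', "iframe"),
    (1005, "10.0.0.5", "support.example.test", 401, 'Basic realm="x"', "iframe"),
    (1007, "10.0.0.5", "support.example.test", 401, 'Basic realm="x"', "iframe"),
    # Benign: one Basic challenge on a top-level page, followed by success.
    (1002, "10.0.0.9", "intranet.example.test", 401, 'Basic realm="wiki"', "document"),
    (1010, "10.0.0.9", "intranet.example.test", 200, "", "document"),
    # Benign: framed challenges that are far apart in time.
    (1000, "10.0.0.7", "reports.example.test", 401, 'Basic realm="r"', "iframe"),
    (2000, "10.0.0.7", "reports.example.test", 401, 'Basic realm="r"', "iframe"),
]

def is_framed_basic_challenge(status, www_auth, fetch_dest):
    """True when a response would raise a Basic auth prompt from inside a frame."""
    scheme = www_auth.strip().split(" ", 1)[0].lower()
    return status == 401 and scheme == "basic" and fetch_dest in ("iframe", "frame")

def find_auth_prompt_loops(records, threshold=3, window=30):
    """Return sorted (client, host) pairs that received `threshold` or more
    framed Basic challenges within `window` seconds (both values are assumptions)."""
    recent = defaultdict(deque)  # (client, host) -> timestamps still inside the window
    flagged = set()
    for ts, client, host, status, www_auth, dest in sorted(records):
        if not is_framed_basic_challenge(status, www_auth, dest):
            continue
        q = recent[(client, host)]
        q.append(ts)
        while q and ts - q[0] > window:  # drop challenges older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add((client, host))
    return sorted(flagged)

if __name__ == "__main__":
    for client, host in find_auth_prompt_loops(SAMPLE_LOG):
        print(f"possible auth-prompt loop: {client} -> {host}")
```

Tune the threshold and window against your own traffic before alerting on it, since some legitimate embedded applications also issue Basic challenges inside frames.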