Scammers Frustrate Users into Giving Up their Gmail

Scammers are using a creative way to trick people into handing over their Google account passwords. The tactic works by annoying the victim until they stop thinking rationally.

Most scams to get hold of account passwords, particularly sensitive ones like a Google account, work in one of two ways. Some scammers will try to intercept the password, for example by using keylogging software that records everything a user types. Others prefer phishing, where the user is tricked into typing in details into a bogus, lookalike website.

The new scam, using malware named StealC, is much simpler. It starts by infecting a computer and remotely installing a hacking tool called Amadey. This then loads and runs StealC, which targets Chrome. So far, so simple, and in most cases the malware would struggle to breach Chrome's wide range of security measures. (Source: openanalysis.net)

Kiosk Mode Key To Scam

The trick is that StealC opens Chrome in kiosk mode. That's a mode designed for public use such as with an information screen or interactive map. Kiosk mode is designed to only run a specific application so it runs the browser in full screen with no option to open other tabs or switch to a different window.

In the StealC scam, the only thing that appears is a Google login screen. The user is unable to get out of Chrome, open a new window or switch out of full screen mode. Normal controls such as pressing F11 or a dedicated full screen on/off button no longer work.

The idea is that the user will eventually be so annoyed with the lack of response that they drop their guard and assume Chrome has glitched. At this point it may feel the only option is to "log in to Google" again, though of course the account name and password is going straight to the scammers.

Forced Shutdown a Last Resort

This opens up a host of possibilities including accessing a Gmail account and being able to read sensitive emails or reset other account passwords. Open Analysis Lab, which spotted the scam in action, say that in this case the attackers are immediately using the login details to retrieve any passwords stored in Chrome's built-in password manager.

Security experts say that users hit by the scam should try a range of keyboard shortcuts such as "Alt + F4, Ctrl + Shift + Esc, Ctrl + Alt +Delete, and Alt +Tab". These may either close the unwanted Chrome window or bring up the Task Manager where the user can force Chrome to close. If all else fails, physically powering down the computer may be the only way out. (Source: forbes.com)

What's Your Opinion?

Have you spotted this scam in action? Do you think you'd fall for it? Are you surprised at such a straightforward tactic by the scammers?