User Trust Fail: Google Chrome and the Tech Support Scams

I act as the volunteer support structure for a significant number of nontechnical — but quite active — Internet users. Some of these are quite elderly, which makes me quite sensitive to where Internet firms are falling down on the job in this context. 

Let’s face it, these firms may pay lip service to accessibility and serving all segments of their users, but in reality they typically tend to care very little about users who aren’t in their key sales demographics, and who (while often numbering in the millions or more) aren’t considered to be their “primary” users of interest.

We see this problem across a number of aspects (I’ve in the past frequently noted the problems of illegible fonts and poor user interface designs, as my regular readers well know).

But today I’d like to focus on just one, where Google really needs to more aggressively protect their users from some of the most dangerous criminals on the Internet.

I’m referring to the ubiquitous “tech support” scams (often based in India) that terrify users by appearing on their browsers — often the result of a contaminated site link, a “cold” phone call, or very often a mistyped URL — who then falsely claim that the user’s computer is infected with malware or somehow broken, that you must click HERE for a fix, or you must immediately call THIS 800 number, and BLAH BLAH BLAH.

The vast majority of these follow a common pattern, usually claiming to be a legit tech support firm or often Microsoft itself. 

Once users are pushed into contacting the scammers — who typically focus on Windows computers — the usual pattern is for them to walk the unsuspecting user through the installation of a remote access program, so that the scammer has free reign to suck the user’s credit card and bank accounts dry via a variety of crooked procedures. Their methods are typically tuned especially well to take advantage of elderly, nontechnical users.

It’s not Google’s fault that these criminals exist. However, given Google’s excellent record at detection and blocking of malware, it is beyond puzzling why Google’s Chrome browser is so ineffective at blocking or even warning about these horrific tech support scams when they hit a user’s browser.

These scam pages should not require massive AI power for Google to target.

And critically, it’s difficult to understand why Chrome still permits most of these crooked pages to completely lock up the user’s browser — often making it impossible for the user to close the related tab or browser through most ordinary means that most users could reasonably be expected to know about.

The simplest cure to offer in these situations (especially when you’re trying to help someone on the other side of the country over the phone) is to tell them to reboot (if the user isn’t already so flustered that they’re having trouble doing that) or to power cycle the computer completely (with the non-zero risk of disk issues that can result from sudden shutdowns). 

Even after that, users need to know that they must refuse Chrome’s “helpful” offer of restoring the old tabs after the reset — otherwise they can easily find themselves locked into the offending page yet again!

Chrome is now the world’s most popular browser, and Google’s Chrome team is top-notch. I am confident that they could relatively quickly solve these problems, if they deemed it a priority to do so.

For the sake of helping to protect their users from support scams — even though these users are often in demographic categories that Google doesn’t seem to really care that much about — I urge Google to take immediate steps to make it much more difficult for the tech support criminals to leverage the excellent Chrome browser for evil purposes.

–Lauren–

The correct term is “Internet” NOT “internet” — please don’t fall into the trap of using the latter. It’s just plain wrong!

IETF's Stunning Announcement: Emergency Transition to IPv7 Is Necessary!
The New Google Voice Is Another Slap in the Face of Google's Users -- and Their Eyes

3 thoughts on “User Trust Fail: Google Chrome and the Tech Support Scams”

  1. I would point users to the MVPS.org [HOSTS file] Website. Simple for Windows, hardly more complex in Linux.
    Maybe Chrome could keep a list of known malware URLs to be added to /etc/hosts, if they are not already there (and yes, it’s a moving target, a given.)
    I don’t update mine as often as I should, but my T-Bird and FireFox in Mint are protected that way (next looking to set it up in a MacBook single-booting to OSX El Capitan [which is a BSD appliance.])
    I wanted to get some work done, instead spend my time fiddling with the tool!

  2. I got this on my android phone, and I suddenly turned off my wi-fi thinking for not get downloaded anything malicious. I clicked okay and it brought me to a page which I did not even read because I panicked at that point (I was not expecting any new page to appear because the wi-fi was off). So I clicked out of the window before I could think straight, and I don’t even know what it said. Is it possible that they have installed anything on my phone or stolen any information? I am usually careful about these things but I lost my mind that day.
    This is for those who are still not aware much about these scams.
    So be careful and stay protected

    1. I can’t really speak definitively to your particular case since of course I don’t know the technical details, but in general these particular scams operate by having you contact them back, and then they manually steer you through the process of installing software to take control of your system. While it is not impossible that something nasty was downloaded to your phone in this instance or something else illicit occurred, it seems relatively unlikely, especially since you didn’t further interact with that page.

Comments are closed.