shopify analytics ecommerce
tracking

Vile social engineering hack - Updated

I just got one of those “computer help calls” from my mother.

Mom uses computers, but she doesn’t understand them. There are many people like that, and this particular attack was aimed at people like her.

There was a Safari window open with an alert telling her that the computer was infected. Now with the alert, she couldn’t change windows, open Safari preferences, or anything else. She could quit Safari but that was it. And the moment she opened Safari even with a link from her address book, there was the same page giving her the same message with no way to dismiss it.

Of course it gave an 800 number that she was supposed to call…

This wasn’t an infection, it was a JavaScript hack to lock up Safari. It’s a safe bet that most of the people targeted don’t have another browser installed. I read a piece a couple weeks back about a “service” that was trying to sell “protection.” It’s more about social engineering than actual coding.

It was a fairly simple fix, but I had to know how to
access the Library directory.

Quit Safari of course.

Open the user account’s Library folder.

Open
~/Library/Safari.

Choose list view. Sort by date. Delete anything with today’s date.

Go back to the Library folder.

Open
~/Library/Saved Application State.

Delete the
com.apple.Safari.savedState folder.

And that fixes it.

Update - There is a third party solution I’ve heard some good things about,
ScamZapper from Apple Club. Here’s their article about the scam. Hat tip MacInTouch.
blog comments powered by Disqus