A client called in on my support phone earlier this afternoon and told me that she had a “Microsoft System Security Alert” screen that was talking to her and that she couldn’t do anything with her computer.
I launched a remote session, and by using the Windows Task Manager I quickly ended the Internet Explorer applications that were running. It was a fast and easy fix for a really stupid problem.
I was extremely grateful that this particular home user called me, instead of the 800 number that was on the bogus alert screen (shown below). But my relief was short lived.
A few minutes later she was back on the phone saying the fraudulent alert was on her computer again. I killed it and ran a scan with Malwarebytes, which turned up nothing.
I reassured her that everything was fine.
When she called a third time, I had to ask what it was she was doing – so she showed me. She launched Internet Explorer and it opened on AOL’s home page. She told me she wanted to go to Amazon to check on a book. And she did so using the AOL Search bar and typing in Amazon.
On the resulting page AOL search results list (shown below), she clicked on the first link that was displayed. I finally understood exactly what was going on.
You see, that is a sponsored advertisement, meaning some organization paid AOL money to highlight their “product” based on a search. Underneath that is, in fact, Amazon’s legitimate web site listing.
I used this as an instructional moment by turning on Internet Explorer’s Status bar. I moved the mouse over the Amazon site link to show that https://www.amazon.com appeared in the Status bar. I then moved the mouse over the ad, and the following bunch of gibberish appeared:
https://174036060.r.bat.bing.com/?ld=d3iEIp8CztNDVVjNTYoqXRUjVUCUzK_5V032YvPMriEHbBBDFcwsFXQFK3s2qR9MgRW_xhZ9J5SlsoSk6f38u2TnHoDCUsZUB1JUNHwTr9OuZjeHpOBGhVUOyzHQ20xE-ECR9lob4HeScYrxeY00wTrgAAZ5Wu2BEbi0Pb9RjRzi-woEAc&u=http%3a%2f%2fgoo.gl%2fyD6Nby%3furl%3dhttps%253A%252F%252Fwww.amazon.com%252Fbooks-used-books-textbooks%252Fb%252Fref%253Dnav_shopall_bo_t3%253Fie%253DUTF8%2526node%253D283155
I calmly pointed out that if my client knew which web site she wanted to go to, she could simply type it in the address bar of the browser and go there – no searching necessary. She’s glad to have learned that.
What I can’t figure out is how in the heck AOL permitted this ad to be displayed in the first place. By having it up there, they are actively enabling those sleazebag “support agents” to run rough-shod over the typical older AOL user, who does not have a Managed Services Provider to answer her support phone calls.
It took 15 minutes to get through to an AOL Support rep. I’m hoping – after demonstrating exactly what we found – that AOL will take this ad down and pursue the bad actors in some way. Of course, that probably won’t happen…
Beware!
Update 09/07/2017: AOL has removed this ad from the search results list. Probably the fastest action they have ever taken…