Browser-Based Tech Support Scam Exploits Full Screen and Input Lock APIs

The described browser-based tech support scam represents a sophisticated social engineering attack that leverages legitimate browser functionalities to deceive users. Unlike traditional malware-based scams, this attack does not require any software installation, making it particularly insidious. The scam employs the browser's full screen API to take over the user's screen and the input lock API to prevent users from easily exiting the page. It then simulates a command prompt scan and displays a fake Blue Screen of Death (BSOD) to create a sense of urgency and panic. The ultimate goal is to trick users into calling a provided phone number, where they may be subjected to further social engineering tactics, such as being convinced to pay for unnecessary technical support services or revealing sensitive information. This scam highlights the evolving tactics of cybercriminals who are increasingly exploiting built-in browser features to carry out their attacks. For cybersecurity professionals, this underscores the importance of user education and awareness training to help users recognize and respond appropriately to such scams. Additionally, it serves as a reminder of the need for robust browser security settings and the potential benefits of ad-blockers and script-blockers in mitigating such threats.