Your Browser Has Been Blocked Scam
Your Browser Has Been Blocked Scam: How It Works
(with videos below) Imagine this: while you're browsing the Internet on your computer, tablet or mobile, the screen freezes and a full-page notification reads: "Attention! Your [mobile] device has been blocked up for safety reasons. Audio and video recording in progress. Amount of fine is $100. You can pay the fine via Ukash, MoneyPak, GreenDot or PaySafeCard vouchers. Type your code and press 'OK'."
This could happen on both your personal devices or on work computers if your company doesn't have corporate antivirus software installed. Thousands of victims have lost their hard-earned money in the last few weeks due to this attack. How does the scam work?
Watch the video below to see in action the scary Blocked Browser scam exposed:
Let's show you how the scam works, how you can protect yourself, and take a look at the best antivirus software. The scam – also known as the Ransomware scam – has a few variations.
The text that pops up on your device could come in different forms: "All activities on this computer have been recorded", "Your browser has been blocked", "All your files are encrypted", or, "You are accused if viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law".
Submitting your card code into the form provided by the cyber criminals makes nothing but sending money to their pockets, as these reloadable cards are just like cash. All you need is a code and can redeem the money off them. You don't need to have a bank account or a credit card in order to use the money on the card. It is cash on a serial number.
In the latest version of the scam, criminals ask victims to enable the macros in a Word file they attach to their message. The malicious code itself was written in Office VBA, and closely mimics Dridex Banking Trojan infections, which are infamous for other past attacks.
Your Browser Has Been Blocked Scam: How To Avoid
Sometimes, the message might have a give-away intro such as "The page at [page you're visiting] says: "Your browser has been blocked…(and the rest of the notification)". The means the fake warning came from a web page that could say anything that will try and make you install an unwanted program/malware onto your device.
What you need to do first is to get out of that page with the "Your browser has been blocked" message. Click on the 'x' button situated on the Internet window tab. Many times, you might even have to do it a few times, as cyber criminals create loops that are stuck on these compromised Internet pages (it could be 5-10 clicks to close the tab or even 100 clicks on the 'Back' button.
Watch the video below to see in action the 'Your Browser Has Been Blocked' scam and how to get out of it right away before getting the antivirus software.
If your computer is running slow, or making excessive pop-ups, you may already be infected with spyware, which you can remove with powerful computer virus protection software, such as ESET.
On Internet Explorer: Click on the "Gears" icon. Select "Internet Options". Click the "Security" tab, click the "Internet" symbol, click "Custom Level". In the Settings list, scroll down to "Scripting" section. Under Active Scripting, click the radio button to the left of "Disable".
After closing your Internet browser and the fake notification page, scan your computer for possible malware infections. You could use this recommended antivirus software.
Always be careful and ignore/backout of any such warnings and never click ok or do anything that will install something onto your device because of whatever the warning wants you to do.
What If You Installed The Virus Already?
Going back to this specific scam, if you fell for it and introduced your reloadable card number, you will get another notification like this: "Fine has been payed. Your case has been closed. You can pay $350 processing fee to delete all criminal records." This way, crooks continue to milk the naive victims of more money, promising they will be totally clean legally-wise.
On the other hand, if you already installed the Ukash virus, here is how you can remove it manually:
Instructions for your PC: Restart your computer in safe mode. To do this, press F8 key before the system is started. Then press Ctrl+Alt+Del keys to open the Task manager to stop the progress of this Ukash virus. You will see it there, but it could have a weird name. Delete it.
Instructions for your Apple Mac OX: Click on the Safari menu and then choose Reset Safari. In the new windows, make sure all items are marked and click on the Reset button.
How To Remove The Virus From Android Phones
If your Android phone is infected restart it to safe mode to unlock your cell phone from the block virus screen. The safe mode starts up without loading any third-party add-ons and different devices have different ways to access safe mode.
Uninstalling instructions for Samsung Galaxy S5, Samsung Galaxy S4, Samsung Galaxy: 1. Power down. 2. Turn on and repeatedly tap the soft-button for "Menu."
Uninstalling instructions for Samsung Galaxy S3, S2 and others: 1. Power down. 2. Turn on, then press and hold Volume Down (Galaxy S3 and others), Volume Up (HTC One, LG, ZTE and others), or Volume Down and Volume Up together (various Motorola devices) when the vendor's logo appears.
If you have managed to select Safe Mode, you will see the text "Safe Mode" at the bottom left corner of the screen. Next find the virus and uninstall it. Here is a video on how to do that, too.
The Scam Is Geo-tagged Worldwide
Criminals go an extra mile and geo-tag the pop-up to show up in different languages, depending on the country you live in. It has reported the same ransomware scam has been perpetrated in countries such as US, Canada, United Kingdom, Germany, France, Australia, Poland, Turkey, Spain, Italy, Austria, Denmark, Switzerland, Latvia, Luxembourg, Romania, Portugal and Czech Republic.
All claim to come from the national authorities, such as FBI, RCMP, Police, National Security Agency, Interpol, etc. Below is the text used the crooks in these specific countries:
Czech Republic: "Policie České republiky – Alle Aktivitäten des Computers wurden aufgenommen. All Ihre Daten werden verschusselt"
Denmark: "POLITI – Alle dine filer er krypterede. Forsøg ikke at låse op din computer!"
Finland: "POLIISI – Huomio! Selaimesi on lukittu"
France: "Gendarmerie Nationale – Attention! Votre browser est bloquéToutes les activités de cet ordinateur ont été enregistrées. Tous votre fichiers sont cryptés"
Germany: "BundesPolizei – Warnung! Zugang von Ihrem Browser wurde vorlaufig! Alle Aktivitäten des Computers wurden aufgenommen. Alle Ihre Dateien werden verschlüsselt"
Hungary: "Szolgálunk és Védünk – Minden fájl titkosított. Ne próbálja meg kinyitni a számítógépet!"
Italy: "Polizia Penitenziaria – Attenzione! Il Suo computer personale è stato bloccato. Tutte le attività di questo computer sono state registrate. Tutti i suoi file sono crittografati"
Netherlands: "Politie Nederland – Alle activiteiten van de computer zijn geregistreerd. Al uw bestanden worden versleuteld" or "Attentie! Uw Webbrowser wordt geblokkeerd"
Norway: "Politiet – Alle dine filer er kryptert. Ikke prov a lase opp maskinen!"
Portugal: "POLICIA PORTUGAL – Todos os arquivos são encriptados. Não tente desbloquear o seu computador!"
Romania: "Politia Romana – Toate filele din acest computer au fost inregistrate si blocate.
Spain: Cuerpo Nacional de Policía – "Se han grabado todas las actividades de este ordenador. Todos sus ficheros están cifrados"
Sweden: "Polisen – "Viktigt! Din webbläsaren blev blockerad. Alla dina filer är krypterade. Försök inte att låsa upp din dator!"
Switzerland: "Schweizerische Eidgenossenschaft – Alle Aktivitäten des Computers wurden aufgenommen. Alle Ihre Dateien werden verschlüsselt."