In the ever-evolving world of cybersecurity, deceptive tactics are becoming more sophisticated. One such deceptive tactic is the “Abnormal Network Traffic On This Device” alert. Isto é um Phishing Scam, and you should not trust it.

The “Abnormal Network Traffic On This Device” Scam: An Introduction

Researchers have stumbled upon a malicious setup promoting the “Abnormal Network Traffic On This Device” scam during their usual surveillance of suspicious websites. It’s essential to note that the setup also recommended a browser hijacker called CovidDash, along with a flurry of other dubious applications.

The scam unfolds when the malicious file is run, presenting a pop-up window designed to look like an alert from Microsoft. The phony warning claims that the user’s device has been disconnected from the network due to suspicious network traffic. The scam’s primary goal is to coax victims into visiting a phishing website.

Detailed Breakdown of the Scam

The scam begins when a malicious setup is run on the test system, resulting in a scam pop-up window. The message is disguised as a warning from Microsoft, claiming that suspicious network traffic has been detected on the user’s device. As a safety measure, the device has supposedly been disconnected from the network.

Curiosamente, the installer responsible for delivering this pop-up does disconnect the computer from the Internet – an unusual move as most scam messages are false. It’s likely that this is a strategy by the cybercriminals to prevent users from accessing the web and downloading antivirus software that could remove the scam.

The message then instructs the user to scan a provided QR code for identity verification and network restoration. When the QR code is scanned, it redirects the user to a rogue website.

The disconnection of the Internet on the infected machine shouldn’t result in significant losses for the cybercriminals since most users scan QR codes using mobile devices.

The Next Step of the Scam

Once the rogue website is accessed, it presents a form disguised as Microsoft, asking users to provide their personally identifiable and credit card information. This includes fields for the cardholder’s name, credit card number, expiry date, CVV, endereços, e número de telefone.

Providing the requested information to the phishing website would inadvertently disclose it to the scammers. This data could then be exploited to steal the victims’ identities and make fraudulent transactions and online purchases.

If you have already given your private data to this scam, contacting the appropriate authorities immediately is crucial.

It’s worth mentioning that the fake pop-up could be used to promote a different malicious site. Always remember that all claims made by the “Abnormal Network Traffic On This Device” scam are fake, and they’re in no way associated with the real Microsoft Corporation.

In a nutshell, falling for a scam like this can lead to system infections, graves problemas de privacidade, perdas financeiras, e roubo de identidade.

Resumo da ameaça

Nome “Abnormal Network Traffic On This Device” pop-up
Tipo de ameaça Phishing, Scam, Engenharia social, Fraude
Reivindicação Falsa Abnormal activity was detected on user’s device network – hence, it was disconnected.
Disfarce Microsoft
Rogue process name Windows host process (Rundll32) [process name may vary]
Related Domains 0zpt4.za[.]com, pcrrent[.]com
Serving IP Address (0zpt4.za[.]com) 172.67.159.146
Sintomas Fake error messages, fake system warnings, pop-up errors.
Dano Perda de informações privadas sensíveis, perda monetária, roubo de identidade, possible malware infections.

Remoção de malware (Windows)

Para eliminar possíveis infecções por malware, verifique seu computador com software antivírus legítimo. Our security researchers recommend using SpuHunter.

Ferramenta antispam recomendada:

Baixar SpyHunter
The product is full-featured, and you have to purchase a license for SpyHunter. There is a 7-days free trial available.

Similar Scam Examples

We have analyzed thousands of scams; “To Complete The Update, Install The Critical Security Update”, “McAfee – A Virus Has Been Found On Your PC!”, “Critical Threat Detected: Adware App”, “Ads.financetrack(1).exe”, and “Avira Security pop-up scam” are just a few examples of ones using claims about fake issues detected on users’ devices.

The Internet is full of deceptive and malicious content. Various false claims are used to gain and subsequently abuse users’ trust. Common scam models include device infections, system threats, atualizações falsas, hoax lotteries/giveaways, e assim por diante.

Regardless of what a scam warns about or promises – its ultimate goal is to generate revenue at victims’ expense.

How Did I Encounter the Scam?

At the time of research, the “Abnormal Network Traffic On This Device” scam was promoted through a malicious installer. After it was launched, a deceptive pop-up window was displayed. The scam then progressed by instructing the user to scan the provided QR code, which redirected to a phishing site.

No entanto, scam websites are endorsed using various techniques. These pages can be accessed via redirects caused by sites that use rogue advertising networks, either upon initial access or when hosted content is clicked (v.g., botões, ligações, text input fields, Publicidades, etc.).

Spam browser notifications and intrusive advertisements also promote online scams. Além disso, mistyping a website’s URL can result in a redirect (or a redirection chain leading) to a deceptive page. Adware also promotes scams by displaying misleading ads or force-opening sites that run this content.

How to Avoid Online Scams?

We strongly recommend downloading only from official and verified channels. Além disso, approach installation processes with caution, v.g., by reading terms, exploring potential options, using the “Custom/Advanced” settings, and opting out of all supplements (aplicativos, nas extensões, Ferramentas, etc.) to avoid allowing bundled/harmful content into the system.

Another recommendation is to be vigilant when browsing since fake and malicious online content usually appears legitimate and harmless. Por exemplo, intrusive ads may look ordinary yet redirect to unreliable/suspicious websites (v.g., scam-promoting, jogatina, pornography, adult dating, etc.).

We advise against using sites that offer pirated software/media or other questionable services (v.g., Torrenting, illegal streaming/downloading, etc.) since they typically employ rogue advertising networks.

Pay attention to URLs and enter them with care. To avoid receiving unwanted/deceptive browser notifications, do not permit dubious webpages to deliver them (ou seja, do not click “Allow”, “Allow Notifications”, etc.). Em vez disso, ignore or deny notification requests from such pages (ou seja, select “Block”, “Block Notifications”, etc.).

Se o seu computador já está infectado, recomendamos executar uma varredura com SpyHunter para Windows to automatically eliminate all threats.

Text presented in the Scam Pop-up

Microsoft

We have detected abnormal network traffic on this device. To protect your safety, we have disconnected the network of this device, to restore the network of this device, please scan the QR code below to verify your identity and enter the confirmation code to confirm your identity and restore the network.

Appearance of the Scam

This is a screenshot of the “Appearance of Abnormal Network Traffic On This Device” pop-up scam’s process [Windows host process (Rundll32)] in Windows Task Manager:

This is a screenshot of a deceptive website promoting the malicious installer:

To restore the Internet connection, users have to perform the following steps:

  1. Vá para Configurações
  2. Clique em “Network & Internet”
  3. Selecione “Advanced network settings”
  4. Disable and re-enable the Ethernet device

 

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. SpyHunter is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:

Baixar SpyHunter

By downloading any software listed on this website, you agree to our Privacy Policy and Terms of Use. To use the full-featured product, you have to purchase a license for SpyHunter. A 7-days free trial is available.

Quick Menu

  • What is the “Abnormal Network Traffic On This Device” pop-up?
  • How to identify a pop-up scam?
  • How do pop-up scams work?
  • How to remove fake pop-ups?
  • How to prevent fake pop-ups?
  • What to do if you fell for a pop-up scam?

Identifying a Pop-up Scam

Pop-up windows with various fake messages are a typical lure that cybercriminals use. They’re designed to collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, e assim por diante.

Although cybercriminals strive to make these rogue pop-up windows appear trustworthy, scams typically have the following characteristics:

  • Erros ortográficos e imagens não profissionais – Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
  • Senso de urgência – A countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
  • Claims that you won something – If you haven’t participated in a lottery, online competition, etc., and you see a pop-up window stating that you’ve won something.
  • Verificação de computador ou dispositivo móvel – A pop-up window that scans your device and informs you of detected issues is undoubtedly a scam; webpages cannot perform such actions.
  • Exclusividade – Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Understanding How Pop-up Scams Work

Cybercriminals and deceptive marketers usually use various advertising networks, técnicas de envenenamento de mecanismos de pesquisa, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on the user’s location and device information, they’re presented with a scam pop-up. The lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

Removing Fake Pop-ups

Na maioria dos casos, pop-up scams don’t infect users’ devices with malware. Se você encontrar um pop-up fraudulento, simplesmente fechá-lo deve ser suficiente. Em alguns casos, scam pop-ups may be hard to close; em tais casos, close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. Por isso, use our instructions explaining how to reset Internet browser settings.

Preventing Fake Pop-ups

To prevent seeing pop-up scams, you should only visit reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other similar reputation websites commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, keep your Internet browsers up-to-date and use a reputable anti-malware application. Para este propósito, nós recomendamos SpyHunter Antivirus for Windows.

What to Do If You Fell for a Pop-up Scam

The appropriate action depends on the type of scam that you fell for. Mais comumente, pop-up scams trick users into sending money, providing personal information, or giving access to their device.

  • Se você enviou dinheiro para golpistas: Contact your financial institution and explain that you were scammed. If informed promptly, there’s a chance to get your money back.
  • If you gave away your personal information: Change your passwords and enable two-factor authentication in all online services that you use. Visit the Federal Trade Commission to report identity theft and get personalized recovery steps.
  • Se você permitir que golpistas se conectem ao seu dispositivo: Scan your computer with a reputable anti-malware (nós recomendamos SpyHunter para Windows) – cyber criminals could have planted trojans, keyloggers, e outros malwares, don’t use your computer until removing possible threats.
  • Help other Internet users: Report Internet scams to the Federal Trade Commission.

perguntas frequentes (Perguntas frequentes)

O que é um golpe pop-up?

Basicamente, pop-up scams are deceptive messages intended to trick users into performing specific actions. Por exemplo, victims can be enticed/scared into providing private data, making monetary transactions, calling fake support lines, allowing cyber criminals to remotely access devices, downloading/installing software, purchasing products, subscribing to services, etc.

Qual é o propósito de um golpe pop-up?

Pop-up scams are designed to generate revenue for cyber criminals. Scammers primarily profit by obtaining funds through deception, abusing or selling sensitive information, promoting content, and proliferating malware.

I have provided my personal information when tricked by a scam, O que devo fazer?

If you have disclosed your personal-identifiable or finance-related information (v.g., detalhes do cartão de identificação, passport scans/photos, números de cartão de crédito, etc.) – immediately contact the corresponding authorities. And if you’ve provided your account credentials – change the password of all potentially exposed accounts and inform their official support without delay.

Por que encontro pop-ups falsos?

The “Abnormal Network Traffic On This Device” scam has been observed being promoted through a malicious setup. No entanto, scams are endorsed using various techniques. Deceptive websites are most commonly accessed via redirects caused by pages that use rogue advertising networks, misspelled URLs, notificações de spam do navegador, intrusive ads, ou adware instalado.

Will SpuHunter protect me from pop-up scams?

SpuHunter is designed to detect and eliminate threats. It can scan devices and remove unwanted/malicious content (ou seja, adware, sequestradores do navegador, malwares, etc.). Além disso, SpuHunter is capable of scanning visited websites and issuing alerts if they are found to be suspicious/malicious. Consequentemente, should you enter such a page – you will be warned immediately, and further access to it will be blocked.

Conclusão

Em conclusão, it’s crucial to stay vigilant while browsing the internet. The “Abnormal Network Traffic On This Device” scam is a perfect example of how cybercriminals can trick even the most vigilant users. Always remember to verify the source of any pop-up or alert, and never give out your personal information without making sure of the legitimacy of the request. Ser seguro!

Deixe uma resposta

seu endereço de e-mail não será publicado. Os campos obrigatórios estão marcados *