We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Fake Windows warnings continue to trick users

Study: Pop-ups are a growing security threat

Psychologists at North Carolina State University have found that computer users struggle to distinguish between fake Windows warning messages and the real thing.

In an experiment that tested the responses of 42 web-browsing university students, they found that almost two-thirds of them - 63 percent - would click 'OK' whenever they saw a popup warning, whether it was fake or not.

"Many people fall for this style of attack by not recognising the visual elements that separate real and fake warning windows," the researchers concluded in a paper delivered at an academic conference in New York this week.

That's bad news, security experts say, because fake popup messages can take you to some very bad places on the internet.

Phoney 'AntiVirus 2008' codec blackmails users

In the experiment, users tended to see the popup windows as an irritant that they needed to get rid of as quickly as possible, said Mike Wogalter, a psychology professor at North Carolina State who co-authored the study. "They really didn't think about it at all," he said.

Clicking on a fake popup window can take you to a website you may not have intended to visit, but there can be nastier results as well. In one well-known scam, victims are sent an email with a link to a web page that promises an interesting video clip. When they try to watch it, however, a popup message tells them they need to install special codec software to view the video.

In fact, the software is a Trojan downloader that then laces the victim's computer with malicious software such as keyloggers that track usernames and passwords.

To make matters worse, fake popups are increasingly found on legitimate websites, often delivered via online advertising networks, said Eric Howes, director of malware research with security vendor Sunbelt Software. "It's becoming a real problem because a few years ago, you would only see these fake popups on some of the seedier places on the internet."

Harvard Assistant Professor Ben Edelman agrees that deceptive popups are a big problem. "These are widespread, particularly when you stop one notch below the very fanciest news sites," he said. "If you go to MySpace or if you just run Google searches and click on results, you're likely to stumble on such ads."

While it's easy to blame users for missing bogus error messages, Wogalter said software developers who have overwhelmed their users with too many warning messages should also share the blame. "They shouldn't be putting people into this sort of position," he said.

The North Carolina State researchers said that their subjects chose the best course of action - clicking the red X ‘close window' button at the top right corner to close their fake popups - just under a third of the time.

But Sunbelt's Howes said scammers are so clever these days that the ‘close window' buttons are often fake too. "You can get into this sort of Alice in Wonderland desktop where nothing responds like you think it should," he said.

Users who are really concerned about a popup message should close the window from the Windows taskbar at the bottom of the screen.

Or some may feel compelled to take more drastic action. "Sometimes the safest thing to do is to kill the entire browser," Howes said.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia