Recently, security researchers have discovered a new form of phishing attack in which a victim’s computer gets stuck in a seemingly inescapable “kiosk mode” in the Google Chrome browser. Once the device is stuck on a full-screen login page, it appears to offer no way to escape the screen other than entering your login credentials. But in this attack, if you enter your credentials, the scammer gains access to them.
If you use Google Chrome to browse the web regularly, you may already be familiar with kiosk mode. If not, kiosk mode is a feature built into the Google Chrome web browser that limits the browser to a single, full-screen window. Essentially, it blocks users from accessing other apps or screens on the device. Some companies use kiosk mode to lock a device down to a single purpose. It is commonly used in public settings so that people cannot access parts of a device they are not supposed to. For example, if you have ever been handed a tablet at the doctor’s office and told to enter your information into it, that tablet was probably in some form of kiosk mode so that you could not exit the intended application. Kiosk mode is also used in a variety of other settings, such as standardized testing in schools, visitor sign-in sheets, self-service kiosks, and digital signage.
In this unique phishing attack, a scammer prompts your computer to launch a new window with a login page in kiosk mode. Because the kiosk mode feature is designed to prevent users from exiting the page, a victim may believe that the only way to leave the screen is to enter their credentials into the login page. However, these credentials are immediately stolen by malware and the phishing attack succeeds. Once the attacker has the credentials, they often change the password, effectively locking the victim out of their Google account. So far this attack has only been seen in Google Chrome, but since some other browsers have features similar to Google’s kiosk mode, it may be extended to those browsers soon.
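For IT teams that collect process-creation telemetry, the attack described above leaves a simple trace: Chrome is started with its kiosk switch by a parent process that has no business launching a kiosk. The following is an added example, not code from the original post or from Google. It assumes a simplified, constructed log format (`parent="…" image="…" cmdline="…"`), a hypothetical allowlist of launchers that are expected to start Chrome in kiosk mode, and Chrome's real `--kiosk` command-line switch; the sample events and hostnames are made up.

```python
import re

# Constructed sample process-creation events (not real telemetry). Each line
# records the parent process, the launched image, and the full command line.
SAMPLE_EVENTS = [
    'parent="C:\\Windows\\explorer.exe" image="chrome.exe" '
    'cmdline="chrome.exe --profile-directory=Default"',
    'parent="C:\\Users\\alice\\Downloads\\setup.exe" image="chrome.exe" '
    'cmdline="chrome.exe --kiosk https://accounts.example-login.test/signin"',
    'parent="C:\\Program Files\\KioskLauncher\\launcher.exe" image="chrome.exe" '
    'cmdline="chrome.exe --kiosk https://signage.corp.example/board"',
    'parent="C:\\Windows\\System32\\cmd.exe" image="notepad.exe" '
    'cmdline="notepad.exe notes.txt"',
]

# Hypothetical allowlist: parents that legitimately start Chrome in kiosk mode
# (for example a managed digital-signage launcher). Compared case-insensitively.
KNOWN_KIOSK_LAUNCHERS = {
    "c:\\program files\\kiosklauncher\\launcher.exe",
}

# key="value" pairs in the constructed log format
_FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Split one constructed log line into a dict of its fields."""
    return {key: value for key, value in _FIELD.findall(line)}


def kiosk_url(cmdline):
    """Return the URL passed alongside --kiosk, '' if the switch has no URL,
    or None if the command line does not use kiosk mode at all."""
    args = cmdline.split()
    if not any(arg.lower() == "--kiosk" for arg in args):
        return None
    for arg in args[1:]:
        if arg.lower().startswith(("http://", "https://")):
            return arg
    return ""


def find_suspicious_kiosk_launches(events):
    """Flag Chrome kiosk-mode launches whose parent is not an approved launcher."""
    findings = []
    for line in events:
        event = parse_event(line)
        if event.get("image", "").lower() not in ("chrome.exe", "chrome"):
            continue
        url = kiosk_url(event.get("cmdline", ""))
        if url is None:
            continue  # ordinary Chrome start, not kiosk mode
        if event.get("parent", "").lower() in KNOWN_KIOSK_LAUNCHERS:
            continue  # expected kiosk deployment
        findings.append({"parent": event["parent"], "url": url})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_kiosk_launches(SAMPLE_EVENTS):
        print(f"kiosk-mode Chrome launched by {finding['parent']} -> {finding['url']}")
```

Run against the sample events, only the launch from the downloaded installer is reported; the signage launcher is on the allowlist and the other two events never use kiosk mode. In a real deployment the allowlist should hold the full paths of the kiosk launchers the organization actually manages, and the reported URL is the first thing to check, since a login page for a public identity provider has no reason to be opened this way.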
If you do find yourself in the middle of this attack, don’t worry. You don’t actually need to enter your login information into the kiosk mode page in order to leave it. By pressing the Ctrl, Alt, and Delete keys at the same time, you can open your computer’s Task Manager and forcibly close Google Chrome from there. If you don’t feel comfortable doing this yourself, you can always contact a trusted IT provider and have them help you.
Though the Ctrl, Alt, Delete shortcut can help in the event of an attack, it is best to avoid the attack altogether. This attack begins after an unreliable link is clicked or a sketchy app is downloaded. A phishing attack works by having a scammer disguise a fraudulent link, website, application, etc. as a legitimate one, so it is important to verify the validity of any of these before interacting with them on your device. If you receive an unusual, unprompted email from a person or organization, or if you visit a website that seems sketchy or unrealistic, it is best to leave it alone. If you are unsure, your IT provider will be able to verify any emails, texts, websites, etc. that you are worried about. Overall, it is best practice to always be careful and cautious.