Firefox Bug Exploited to Scam Unsuspecting Windows Users


Nothing convinces people to part with their hard-earned cash like poorly worded notifications that pop up when people visit a website, right? Well, no. But that seems to be what someone thought, as Ars Technica reported today that scammers are exploiting a bug in Firefox to make people think their systems will be deactivated.

The message claims that victims are using a system on which "the Windows registry key is illegal" because "this Windows desktop is using pirated software" and "sends viruses over the internet." People who see the message are urged to "contact Windows support" by calling a 1-888 number that isn't associated with Microsoft in any way. We assume the scammers would then convince any callers to pay out.

There are plenty of ways to realize this is a scam. The first is the broken English used to claim numerous problems with the offending system (the message reads, "We block this computer for your safety," as if that statement makes sense). The second is that Microsoft wouldn't use random websites to scan for pirated versions of Windows that it deactivates unless people call a 1-888 number.

Another indicator: this message is displayed to macOS users too. We doubt many of them are pirating Windows, and even if they were, they probably wouldn't feel obliged to call Microsoft about it. These scammers are relying on their victims to panic, call the mysterious number and pay up to make sure their PCs stay unlocked.

The scammers have also exploited a Firefox bug that allows this message to render the browser unusable. Closing the window doesn't help, either, if someone has the "restore tabs" setting enabled. It merely puts them in a never-ending loop until the offending tab is closed. Again, that should be a sign that something isn't on the up-and-up, but the less technically inclined might not question heavy-handed tactics.

Mozilla's reportedly working on a fix for this issue now. In the meantime, if you know anyone who might fall prey to a scam like this, now might be the time to remind them of a few things. One, Microsoft wouldn't show Windows users messages like this. Two, never trust messages demanding you call customer support. And three, if you would pay this ransom, why not just buy Windows in the first place?

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • kerberos_20
    When my key got broken, I just used Windows' built-in "Get Help" app to contact support, got a new key for free