The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has issued an advisory for users to install trusted, up-to-date anti-virus software with an Internet security component and to customiseNews Feed in Microsoft Edge Browser.
According to a statement issued yesterday by the NCC director of Public Affairs, Reuben Mouka, this development is part of the countermeasures to lessen the chances of falling for a malicious attack that has been discovered in the browser.
The NCC-CSIRT further advised users of the browser to practisesafe Internet browsing habits and to refrain from clicking on links they are unsure of in the face of the malicious attack that has been rated as high in probability and potential damage to systems.
The advisory stated that the malicious advertising campaign, unearthed on the Microsoft Edge Browser News Feed, redirects victims to fraudulent tech support websites and that cybercriminals have resorted to posting bizarre, attention-grabbing stories or advertisements on the Edge news feed to entice users to click on them. The malicious advertisements appear legitimate but contain malware and/or other threats.
According to the advisory, “The Microsoft Edge News Feed is the default page that appears when a new tab is opened, and it displays information such as news, advertisements, weather, and traffic updates.
the steps that result in being redirected to a bogus tech support page: The user clicks on a story or advertisement, the Edge browser setting is analysed for various metrics.”
Based on the aforementioned metrics and prior results, the advisory said “if the user is adjudged to be a bot or in a location that is not of interest, the user is redirected to a harmless dummy page that is relevant to the story or advertisement initially clicked on; However,
if the user is adjudged a potential victim, then the user is redirected to a tech support scam website for further exploitation.”
Victims of the tech support website scam could have their Personally Identifiable Information (PII) and other data harvested or they could be with malware.
The NCC, therefore, urged telecom consumers and other stakeholders in the ecosystem to install up-to-date AntiVirussoftware and be alert to the wiles of cybercriminals in order not to fall victim to cyber scams.