Imagine this: one minute you’re checking your email, and the next, your browser is completely locked. If that wasn’t worrying enough, whenever you click your mouse, a warning sound plays and your current IP address is shown prominently on your screen. No, this isn’t a ransomware attack where you’re locked out of your files by hackers. Instead, it’s a new scareware attack currently making the rounds online where scammers try to trick you into picking up your phone and calling them.

As reported by Cybernews, 2.8 million people have been targeted by this attack since the beginning of this year. Dubbed CypherLoc by security researchers at Barracuda, it uses a combination of phishing, malicious code and social engineering to get potential victims on the phone. From there, the scammers on the other end can get all sorts of personal and financial information out of them or even launch follow-up attacks.

Here’s everything you need to know about this new scareware attack, along with some tips and tricks to help you avoid falling for this scam and others like it in the first place.

Just like with many other attacks, this one begins with a phishing email in your inbox. According to a blog post from Barracuda, there’s either a malicious link in the body of the email or one included in an attachment.

While you should never click on links in emails from unknown senders, those who do in this case are taken to a webpage that appears harmless at first glance. However, it gradually transitions into a scareware page once triggered to do so.

Within the page, there’s a hidden, encrypted payload that executes the scareware. Before it can be decrypted and launched, though, the site checks to see if it is being run in a testing environment (usually by security researchers), and if so, a blank screen appears instead. This helps CypherLoc avoid detection.

On an ordinary user’s computer, though, the page will transform into a scareware interface that locks their browser, shows alarming-looking security messages and urges them to contact tech support immediately to fix the issue.

Although the tactics used in this campaign are similar to a ClickFix attack, the scammers behind it have a few more tricks up their sleeves to coerce potential victims into calling them. In addition to fake login forms that make the page appear more legitimate, the most surprising trick is that the fake page plays a warning sound whenever a user clicks, switches to full screen or tries to reload. Then, to make things personal, CypherLoc retrieves and then displays a victim’s public IP address on its scareware page.

Between showing a user’s IP address and random alarm sounds playing from their browser, this will usually be enough to convince potential victims to call the phone number that appears on screen. If they do so, they’re met with scammers posing as Microsoft tech support, which is likely enough to convince many people to hand over sensitive details they would have ordinarily kept private.

How to stay safe from scareware