The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has issued an advisory for users to install trusted, up-to-date anti-virus software with an Internet security component and to customise ‘news feed’ in the Microsoft Edge Browser, as part of countermeasures to lessen the chances of falling for a malicious attack that has been discovered in the browser.
The NCC-CSIRT further advised users of the browser to practise safe Internet browsing habits and to refrain from clicking on links they are unsure of in the face of a malicious attack that has been rated as having a high probability and potential damage to systems.
The advisory stated that the malicious advertising campaign, unearthed on the Microsoft Edge Browser News Feed, redirects victims to fraudulent tech support websites and that cybercriminals have resorted to posting bizarre, attention-grabbing stories or advertisements on the Edge news feed to entice users to click on them. The malicious advertisements appear legitimate but contain malware and/or other threats.
“The Microsoft Edge News Feed is the default page that appears when a new tab is opened, and it displays information such as news, advertisements, weather, and traffic updates. Also, the following are the steps that result in being redirected to a bogus tech support page: The user clicks on a story or advertisement and the Edge browser setting is analysed for various metrics,” according to the advisory.
Based on the aforementioned metrics and prior results, the advisory said: “If the user is adjudged to be a bot or in a location that is not of interest, the user is redirected to a harmless dummy page that is relevant to the story or advertisement initially clicked on; However, if the user is [considered] a potential victim, then the user is redirected to a tech support scam website for further exploitation.”
A statement by the NCC’s director, public affairs, Reuben Muoka said victims of the tech support website scam could have their Personally Identifiable Information (PII) and other data harvested or they could be with malware.
The NCC, therefore, urged telecom consumers and other stakeholders in the ecosystem to install up-to-date AntiVirus software and be alert to the wiles of cybercriminals, to not fall victim to cyber scams.
The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.
The CSIRT also works collaboratively with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting and securing Nigerian cyberspace to forestall attacks and problems or related events.
