NCC-CSIRT proffers countermeasures against website scams on Microsoft Edge Browser

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has issued an advisory for users to install trusted, up-to-date anti-virus software with an Internet security component and to customize News Feed in Microsoft Edge Browser.

A statement by Director, Public Affairs Reuben Muoka on Tuesday, said this is part of the countermeasures to lessen the chances of falling for a malicious attack that has been discovered in the browser.

The NCC-CSIRT further advised users of the browser to practise safe Internet browsing habits and to refrain from clicking on links they are unsure of in the face of the malicious attack that has been rated as high in probability and potential damage to systems.

The advisory stated that the malicious advertising campaign, unearthed on the Microsoft Edge Browser News Feed, redirects victims to fraudulent tech support websites and that cybercriminals have resorted to posting bizarre, attention-grabbing stories or advertisements on the Edge news feed to entice users to click on them. The malicious advertisements appear legitimate but contain malware and/or other threats.

According to the advisory, “The Microsoft Edge News Feed is the default page that appears when a new tab is opened, and it displays information such as news, advertisements, weather, and traffic updates. Also, the following are the steps that result in being redirected to a bogus tech support page: The user clicks on a story or advertisement, the Edge browser setting is analysed for various metrics.”

Based on the aforementioned metrics and prior results, the advisory said “if the user is adjudged to be a bot or in a location that is not of interest, the user is redirected to a harmless dummy page that is relevant to the story or advertisement initially clicked on; However, if the user is adjudged a potential victim, then the user is redirected to a tech support scam website for further exploitation.”

Victims of the tech support website scam could have their Personally Identifiable Information (PII) and other data harvested or they could be with malware.

The NCC, therefore, urges telecom consumers and other stakeholders in the ecosystem to install up-to-date AntiVirus software and be alert to the wiles of cybercriminals in order not to fall victim to cyber scams.

The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.