New 'scareware' attack hits 2.8 million victims, pretending to lock them out of your browser heres how you can stay safe

Date:
Mon, 25 May 2026 21:10:00 +0000

Description:
CypherLoc scareware spreads through phishing emails, locking browsers
visually while scammers use fake alerts and support calls to steal information.

FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter CypherLoc tricks users into believing their browser is completely locked Fake support numbers lead
victims straight into identity theft traps Phishing emails remain the main entry point for the scam A massive wave of digital deception has swept across the internet since early 2026, catching millions off guard with a clever browser trick.

Security researchers at Barracuda have warned how a strain called CypherLoc has targeted roughly 2.8 million people through phishing and psychological manipulation. Unlike traditional malware that actually damages files or systems, this attack relies entirely on making users believe they have lost control of their own machines. Latest Videos From You may like 'What begins
as a phone call from 'IT support' ends with a fully instrumented network compromise': This fake tech support scam tricks employees into infecting
their own company devices Watch out Microsoft Teams users - hackers are spreading a dangerous new phishing scam, here's what we know New cyber scam abuses Microsoft Teams to steal your data The mechanics of digital deception The process typically commences with a phishing email which contains either a malicious link or an infected attachment.

Clicking this link directs the user to what first appears as a completely harmless webpage, though this calm is merely a disguise.

Barracuda associate threat analyst Megharaj Balaraddi notes that the
scareware activates only under certain conditions, like when a system lacks proper security scanning tools.

This activation allows the attack to evade standard detection methods while keeping the malicious page hidden from automated security checks. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Once activated, the browser transforms into what feels like a digital prison with no obvious escape route.

The attack forces full-screen mode, disables standard context menus, hides
the cursor, and blankets everything with alarming security messages.

A fraudulent support phone number appears prominently on the screen as the supposed only solution to this manufactured crisis. What to read next 'Cybercriminals are industrializing deception': new report reveals how major global cybercrime syndicates have infiltrated trusted domains with millions now at risk - here's what you need to know Experts reveal how fake CAPTCHAs are driving a global SMS scam campaign Microsoft phishing threat report shows 146% surge in quishing

When users click anywhere or attempt to regain control, the browser emits warning sounds that further escalate their panic and confusion.

The attackers added several layers of emotional manipulation to make their scheme more convincing than older scareware variants, with CypherLoc retrieving and displaying the victims public IP address directly on the screen, a move designed to personalize the threat and intensify fear.

Showing this IP address is a psychological tactic, made to make the warning feel personal and increase the sense of urgency, Balaraddi explains in his analysis of the campaign.

A fake login pop-up appears as well, and its inevitable failure to work only deepens the users growing sense of desperation.

When frightened victims finally call the displayed number, human operators posing as Microsoft support staff take over the conversation.

From this point, the scammers can extract banking details, passwords, payment information, or any other sensitive data they wish to obtain. How to stay
safe To stay safe, users must exercise extreme caution when checking their inboxes, social media feeds, or any text messages arriving from unknown senders.

CypherLoc campaign succeeds primarily because it preys on human fear rather than any sophisticated technical breach of your actual system - so messages that invoke a strong sense of urgency should raise immediate suspicion, as scammers deliberately pressure you to click or call without thinking clearly.

Avoid clicking on links or downloading attachments from people you do not
know personally and trust completely.

Installing reliable antivirus software provides a critical layer of defense against many threats, including scareware that tries to exploit browser vulnerabilities.

Some identity theft protection services also include antivirus tools,
offering multiple security layers within a single subscription for those seeking extra protection.

Legitimate security alerts never lock your browser, do not display phone numbers for you to call, and never demand immediate action through pop-up windows.

Via Cybernews Follow TechRadar on Google News and add us as a preferred
source to get our expert news, reviews, and opinion in your feeds.



======================================================================
Link to news story: https://www.techradar.com/pro/security/new-scareware-attack-hits-2-8-million-v ictims-pretending-to-lock-them-out-of-your-browser-heres-how-you-can-stay-safe


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)