Phishing

CypherLoc scareware tricks millions into identity theft traps

Cybersecurity threat concept with hands typing on laptop and warning symbols floating in digital space.

Coverage from Tech Radar indicates that a massive wave of digital deception has swept across the internet since early 2026, catching millions off guard with a clever browser trick known as CypherLoc. Security researchers at Barracuda have warned that this strain has targeted approximately 2.8 million people through a combination of phishing and psychological manipulation.

The CypherLoc attack begins with a phishing email containing a malicious link or attachment. Upon clicking, users are directed to a webpage that appears harmless until specific conditions are met, often when a system lacks adequate security scanning. The scareware then activates, forcing the browser into full-screen mode, disabling context menus, hiding the cursor, and displaying alarming security messages. A fraudulent support phone number is presented as the only solution.

When users attempt to regain control or call the number, they are met by scammers posing as Microsoft support. These operators then extract sensitive information such as banking details and passwords. The attack notably retrieves and displays the victim's public IP address to personalize the threat and uses fake login pop-ups to increase user desperation. This method preys on fear rather than technical exploits, making caution with unknown senders and links crucial for defense.

Source: Tech Radar

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds