Tech support scams are a growing nuisance, and companies like Microsoft have been working hard to deal with the threat that they pose to users. Appearing almost out of nowhere, supposed technicians from Microsoft are calling oblivious people telling them that their computer has a virus and needs to be fixed. Unfortunately, the fraudsters are only out to steal money from their victims, and probably steal personal and financial information too.
The Microsoft Malware Protection Center has seen this shady business model evolving further. It recently discovered a phishing campaign that utilizes innocuous-looking links in email but will instead lead to tech support scam websites. These websites use pop-ups and scare tactics to urge the victim to dial the number on the screen and pay for unnecessary "repair services."
Aside from the usual act of cold calling, typical online support scams start with malicious ads that offer fake installers and pirated media. Another attack vector is by malware such as Hicurdismos, which displays a fake BSOD or fake error notifications.
The spam emails, according to the blog post, pretend to be notifications from online retailers or professional networking websites. Links are embedded within the text to make it look less suspicious. These point to websites like "love.5[redacted]t.com," "s[redacted]t.com," and "k[redacted]g.org," which Microsoft believes are compromised.
Once the links have been opened, they will redirect the user to a web page that mimics a legitimate site. In the screenshot above, the content is designed to look like a real Microsoft website, and the scammers even took the time to copy various small details. A message will then pop up, warning about a malware infection, license expiration, or other related issues. Others even play sounds or display a countdown timer to create a sense of urgency.
To make it even more difficult for the user to ignore the "warning," scammers also use dialog loops. These are the messages that appear on the hoax websites, which are designed to look like genuine messages coming from the computer. If a dialog is dismissed, the malicious code invokes another one, and so on, trapping the user in an endless cycle. This essentially locks the browser session. "More advanced tech support scam sites use web elements to fake pop-up messages. Some of these scam sites open full screen and mimic browser windows, showing spoofed address bars," the blog post warns.
Scams like this are indeed continuing to evolve. Back in November 2016, ransomware was seen connecting victims to scammers in order to decrypt infected files. Also, a tech support scam application was discovered in March, which displays an error message as soon as another program innocently crashes.
"The recent spam campaigns that spread links to tech support scam websites show that scammers don’t stop looking for ways to perpetrate the scam," Microsoft said. "While it is unlikely that these cybercriminals will abandon the use of malicious ads, malware, or cold calls, email lets them cast a wider net."
All things considered, it pays to be careful when opening emails, as they might contain malicious code that could compromise your security. Using a powerful antivirus program can also help, blocking potentially harmful websites, and keeping you away from any danger online.