Support scammers up their game

Posted by Virus Bulletin on Nov 9, 2011

Websites and Facebook accounts created to make callers appear more legitimate.

'Support call scammers' have started to use professional-looking websites and social media accounts to make themselves appear more legitimate.

In these scams - which have been prevalent in many English-speaking countries for some time - victims are telephoned and told that their computer has been engaged in malicious behaviour such as the sending of spam. To make the claim more credible, users are usually socially engineered into opening the Event Viewer in Windows and are made to believe that the harmless alerts they see are a serious problem. To solve this 'problem', the user is told that the caller requires remote access to the PC - which, of course, allows the caller to install malware. Sometimes users are also charged for having their PC 'fixed'.

The callers often claim to call on behalf of Microsoft or the victim's ISP, but now they have started to use phony company names as well. In one case witnessed by researchers from ESET and Virus Bulletin, the call came from a company named 'eFIX', which has a legitimate-looking website, as well as a Facebook account.

The website's domain name was registered in September 2011 from India, although 'eFIX' uses a boilerplate address in Glasgow and claims to have employees in five different countries and to offer 24/7 support. The website also displays testimonials from happy 'customers'; interestingly, one such customer also appears on another website used by scammers, where the same person is presented as an employee of that company.

The 'eFIX' Facebook page displays more genuine-looking reviews from customers thanking 'eFIX' for fixing their PC. Comments from people saying it was a scam and demanding their money back are being removed.

Customers whose PCs are infected with malware are a serious problem for ISPs, most of which are looking into ways of notifying infected customers. Support call scams are therefore not only a problem for the victims of such scams, but also potentially jeopardize the trustworthiness of such ISP notifications.

More at ESET's blog here, or in an article published in VB in January 2011 here (free registration required).



