A new scam, in which fraudsters pose as legitimate ISPs to offer bogus tech support, either via the phone or on the net, is on the rise, the BBC has found.
It is a twist on an old trick which involved cold-calling a victim - often claiming to represent Microsoft - and charging for fake tech support.
The new variants have been spotted in the UK and US.
BT said that it is investigating the issue.
The online version of the scam involves a realistic pop-up which interrupts a victim's normal browsing session with a message that appears to be legitimate and seems to come from the victim's real ISP.
US security firm Malwarebytes has spotted several from US and Canadian ISPs, including ComCast and AT&T. It has also seen webpages created for UK ISPs, including TalkTalk and BT.
The pop-up contains a message saying that the ISP has "detected malware", and urging victims to call a number "for immediate assistance".
Jerome Segura, a consultant at security firm Malwarebytes, has been investigating tech support scams for years but when he came across the latest iteration, he nearly fell for it.
"It caught me by surprise and I almost thought that it was real. It was a page from my ISP telling me my computer was infected. It was only when I looked in closer detail that I saw it was a scam," he told the BBC.
He is not surprised scammers have found new methods to fool people.
"Cold calls are very wasteful and after years of being told, people are starting to realise it is a scam so the scammers have to find new ways to make it personalised and legitimate. It is more cost-effective and efficient than cold-calling," said Mr Segura.
How do scammers know your ISP?
In the case of cold calls it may just be a lucky case of guessing a common ISP but in the case of pop-ups, there is an altogether cleverer way for fraudsters to glean information that can help them.
How it works
- Big ad networks allows users to win ad space on websites by bidding at a particular price
- Criminals are taking advantage of this to place adverts which are infected with a single "bad" pixel
- This pixel can redirect users and infect them in the background when they are browsing on a perfectly legitimate site - they do not even need to click on the ad
- The malware in the ad redirects users to a website in the background - invisible to the user - which checks their computer and discovers their IP address
- From the IP address it is easy to find out which ISP owns which IP address
- Victims will be served a pop-up tailored for their specific ISP which warns them their computer is infected and gives them a number to call
Fraudsters do still use cold-calling but their methods here have also become more sophisticated - instead of a vague description of themselves as a Windows Support agent, many are now claiming to represent legitimate ISPs, with very believable answers when they are challenged.
Take David from the Midlands, who falls into the category of a typical victim, being older and not entirely tech-savvy. He is, coincidentally, related to a Malwarebytes employee.
He recently received a phone call from someone claiming to represent the BT Rescue centre.
"We get inundated periodically with international calls and we know that they are either trying to sell us something or are up to no good," he told the BBC.
The caller tried to persuade David that he had been monitoring his BT broadband service for some time and had become aware of a number of viruses that needed immediate attention.
David was not sure - he had fallen for a similar scam a few years ago and was not ready to do so again. He asked for the caller's telephone number and address and told him he would check with BT and get back to him.
The number the man gave him to call back on looked like a London one (with a 0203 prefix) and the address he gave was the actual address of BT's London headquarters.
After several unsuccessful attempts to get through to BT's genuine helpline number to verify the call, David decided to ring back.
"I got through to what sounded like a call centre and a young lady said 'this is BT Support and I will put you through to a technician'. It all sounded very believable.
"The technician, who I think was a different person to the original caller, said he was from the BT rescue team and had been monitoring the use of my BT broadband and had been getting signals that it had been hacked into," David told the BBC.
He asked David to type Alureon into Google, to show him the virus he was claiming had infected his computer. Alureon is a real virus that buries itself deep inside the Windows operating system.
After scaring him with the possible dangers, he asked David to visit a website and enter a code which gave the technician remote access to his computer.
He showed him a range of programmes on his computer than looked as if they could have a problem - one of the issues with Windows operating system is that it shows a lot of errors that can look suspicious to the untrained eye.
Source:BBC
No comments:
Post a Comment