Cybercrime campaigns based on social engineering can yield better results for crooks than regular malware attacks. These hoaxes don’t require any tedious software development efforts and the “vulnerabilities” of human nature often play right into the perpetrators’ hands. Add a little bit of malicious code into the mix and you’ve got yourself a tech support scam.
The con artists behind tech support scams impersonate reputable technology companies to interact with would-be victims over the telephone, via websites or by means of rogue software. The logic of such schemes is to persuade the user that their computer is infected with viruses, is generating suspicious network activity or has system activation issues. The goal is to trick victims into paying for troubleshooting services they don’t need.
There are several variations of the modern tech support scam. Whereas the common denominator always boils down to manipulation, the specific mechanisms of achieving this objective may vary and allow security analysts to single out three main tactics of these scammers.
- The most old-school tactic relies on cold calling the potential victims. The impostor pretends to be from the support department of a major IT company and says they have detected malicious activity emanating from the user’s computer. Then, they ask the unsuspecting person to allow them remote access to their computer so they can fix the problem. Instead, the scammer points to harmless items in system maintenance reports and claims they are serious problems. The malefactor then attempts to sell a remote tech assistance subscription for a fee.
- Another variant of tech support scams involves specially crafted websites that display bogus security alerts or error notifications. People hit these deceptive pages by clicking on a fishy ad on another site, or as a result of a redirect caused by a browser hijacker. To top it off, the code embedded in these web pages triggers popup alerts and splash screens that cannot be closed unless the victim terminates the browser process altogether. The self-proclaimed support agents instruct the user to dial a specific phone number so that they can remotely rectify the issue for a fee.
- Some tech support scams engage scareware. Scareware is a malicious program that reports nonexistent security threats, imitates operating system crashes or displays counterfeit product activation windows. Most of these deceptive applications sneak into PCs as part of freeware bundles. The nag screens provide a phone number that the user is instructed to call for assistance. Again, the “operators” on the other end will try to sell the victim worthless support services.
The evolution of tech support scams has spawned new techniques that make these hoaxes more effective and increasingly elusive.
- Multiple layers of obfuscation
Cybercrooks have recently devised a method to prevent their scams from being detected by antivirus software. It revolves around hiding malicious scripts behind several layers of obfuscation – usually backed by encryption. What follows is an intricate sequence of technical steps that keeps security software from identifying the scam.
- Call optimization services
Some of the newer frauds mimic the activity of legitimate call centers. The scammers employ call optimization services that normally facilitate the process of routing calls by distributing the load and generating relevant phone numbers based on the user’s location.
When a user is redirected to a scam page, they see a stubborn popup alert that cannot be easily closed due to persistent code. This notification includes a phone number for the visitor to dial in order to take care of the issue. With automatic call optimization in place, the attackers make sure the contact details inserted in the page align with the user’s geographic location. Furthermore, the service can dynamically generate new phone numbers that haven’t been blacklisted.
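The two hallmarks described above, a script wrapped in several decoding layers and a page that carries a phone number for the visitor to dial, can both be checked for from the defender's side. The following Python scanner is an added example and is not code from the original article: it peels nested `atob()` / `unescape()` wrappers off a page script and then looks in the decoded result for a phone number and for typical scam-page indicators. The sample script, the phone number and the indicator keywords are all constructed for illustration; the regular expressions are deliberately simple and would need widening for real pages.

```python
import base64
import re
import urllib.parse

# Constructed sample: a scam-page script hidden behind two layers
# (percent-encoding inside base64). Not taken from any real campaign,
# and the phone number uses the fictional 555-01xx range.
INNER = ('alert("Your PC is infected! Call +1-800-555-0199 now for support");'
         'window.onbeforeunload=function(){return "x"};')
LAYER1 = "unescape('" + urllib.parse.quote(INNER) + "')"
LAYER2 = "eval(atob('" + base64.b64encode(LAYER1.encode()).decode() + "'))"
SAMPLE_SCRIPT = LAYER2

# Wrappers we know how to undo. atob() takes base64, unescape() takes %XX text.
ATOB_RE = re.compile(r"atob\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")
UNESCAPE_RE = re.compile(r"unescape\(\s*['\"]([^'\"]*)['\"]\s*\)")

# Indicators we look for once the script is readable (constructed list).
PHONE_RE = re.compile(r"\+?\d[\d\-\s().]{7,}\d")
INDICATOR_RE = re.compile(r"onbeforeunload|infected|call\s+(?:now|us|\+?\d)", re.I)


def peel_layers(script: str, max_depth: int = 10) -> list:
    """Return every decoding layer, outermost first, innermost last."""
    layers = [script]
    current = script
    for _ in range(max_depth):
        m = ATOB_RE.search(current)
        if m:
            try:
                current = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
            except ValueError:
                break  # not valid base64 after all; stop at this layer
            layers.append(current)
            continue
        m = UNESCAPE_RE.search(current)
        if m:
            current = urllib.parse.unquote(m.group(1))
            layers.append(current)
            continue
        break  # no wrapper we recognise; innermost layer reached
    return layers


def scan(script: str) -> dict:
    """Peel the script and report depth, phone numbers and indicator hits."""
    layers = peel_layers(script)
    innermost = layers[-1]
    phones = PHONE_RE.findall(innermost)
    indicators = sorted({m.group(0).lower() for m in INDICATOR_RE.finditer(innermost)})
    # Flag only the combination: hidden behind at least one layer, carries a
    # number to call, and uses at least one scam-page idiom.
    suspicious = len(layers) > 1 and bool(phones) and bool(indicators)
    return {
        "depth": len(layers) - 1,
        "phones": phones,
        "indicators": indicators,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for layer_no, text in enumerate(peel_layers(SAMPLE_SCRIPT)):
        print(f"layer {layer_no}: {text[:70]}...")
    print(scan(SAMPLE_SCRIPT))
```

Running the file prints each peeled layer and then the verdict for the constructed sample; `scan()` returns the same data so it can be called on scripts pulled from a proxy log or a sandboxed fetch.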
- Causing CPU usage to skyrocket
Another recent tech support scam stands out from the crowd as it disrupts computer performance via the user’s web browser.
The scam drags the web browser into a traffic loop that uses up all the CPU power of the target machine. The warning message on the page maxes out the CPU and keeps it that way, eventually causing the browser to crash. Naturally, this also affects the stability of the whole computer system and makes regular applications unresponsive. The tactic is meant to pressure the victim into calling the feigned support agents as soon as possible.
Not only are tech support scams prolific, but they are also becoming increasingly sophisticated and evasive. The exploitation of legitimate services makes these hoaxes look convincing. To stay on the safe side, users should treat any online warnings with a fair degree of suspicion. The rule of thumb is to refrain from calling the phone numbers listed on such pages.