Tech support scams are a long-established practice, so it is no wonder that they keep increasing.
Previously, a tech support scam consisted only of unknown fraudsters messing around with fake anti-virus alerts, or cold-calling potential victims while pretending to be Microsoft and offering to help with a virus infection. Now, however, it’s quite different.
Resellers of legitimate computer security software have been caught in the scamming game. In addition, some scams now leverage advanced techniques, such as computer lock screens, to trick users.
Now it turns out that hackers have added another tactic to get what they want: impersonating a victim’s Internet Service Provider (ISP).
The new tech support scam begins with a pop-up message that interrupts the user’s browsing session. The message appears to come from the victim’s ISP; experts have detected several messages that claimed to originate from popular U.S., Canadian, and UK Internet Service Providers, including AT&T, Comcast, and TalkTalk.
The scam informs the user that their ISP has “detected malware” on their machine and recommends that they call a fake customer support number. At that stage, a “representative” tricks the user into giving them remote access to their computer and/or paying hundreds of dollars for fake technical support.
Senior malware intelligence analyst Jérôme Segura, who has seen other tech support scammers impersonate victims’ ISPs, feels this latest ruse represents the next phase in tech support scams.
Segura told the BBC: “It caught me by surprise and I almost thought that it was real. It was a page from my ISP telling me my computer was infected. It was only when I looked in closer detail that I saw it was a scam. Cold calls are very wasteful and after years of being told, people are starting to realise it is a scam so the scammers have to find new ways to make it personalised and legitimate. It is more cost-effective and efficient than cold-calling.”
The question here is how the attackers are finding out a victim’s ISP.
Using an advert with a single malicious pixel, the attackers infect users with malware when they visit legitimate websites. This malware redirects the user to a website that looks up their IP address, which the attackers then use to determine the user’s ISP.
Users should always be cautious of unexpected pop-up messages in their web browsers. They should also be wary of unsolicited calls and emails offering to fix their computers.
When technical support is needed, users should contact the company directly, and they should never give out their personal account numbers.