Tech Support Scam Borrows Ransomware Tactics

Fake support scam demands cash for locked screen

Scammers pretending to be Microsoft technical support are old hat. It used to be that they would give a user a call, telling that a scan had revealed a bad virus that was infecting the system. Magically, by disclosing a few details (usually financial), the tech team could solve the problem for the valued customer. This worked with elderly or inexperienced users, though as people caught on, the scammers had to up their game. So the tech-scam team took a leaf out of the ransomware manual.

The support scam has used lots of tactics, including the faking of the “Blue Screen of Death”. In the last week, a new approach has been noted – a screenlock purporting to be the expiry of the user’s Windows license. The scam is not an annoying pop-up that can easily be removed, or wiped with a reboot. So far, this infection is thought to be distributed via Pay-per-Install downloads.

In one instance observed by researchers, the malware (for that’s what it is) infected then waited for the next restart. It then produced fake a Windows update display as it makes changes to the desktop. Once the ‘updates’ are finished, a screen is produced to inform the user that their license key has expired, complete with a number to call for renewal. Basically, this is a screen lock. And a call to the helpful support team will reveal that the cost of returning the system to normal will be $250.

Although this malware is more of a scam, and manageable, it displays how even the weaker online criminals are stepping-up their game in the name of profit. The important question that a user infected by such should be asking: how did this enter my system? If this school-kiddy screenlocker can get in, have a read about some of the professional lockers on the market…

N.B: Microsoft Support never personally call users.

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.