Cyber criminals are always innovating: improving their malware products and trying to find new ways to take money from unsuspecting users.
For example, many of us are familiar with the cold calls purporting to be from Microsoft, Apple, or some other reputable IT company, telling users that they can see that their computers are infected and that they need to go to a website to get their computer fixed. These companies try to make money by infecting victims' computers, pretending to clean them, and stealing the victims' data.
Now there is another method being used today to scare users – fake tech support. Scammers are setting up websites that use trademarked logos and images from legitimate IT companies.
Here’s an example: You’re having trouble installing printer software and go to Google to search for brand printer support. You click on the first result in the search, which leads you to brand-support.com. While looking through the site for help, you click on live chat. The operator suggests a call to troubleshoot.
After a few unsuccessful minutes on the phone, the operator asks you to go to logmein.com to allow him remote access to install the driver. Since this is a normal procedure when you call the help desk at the office, you assume it must be fine when talking to supplier support.
After a few minutes of remote access, the technician has fixed the printer issue, but then tells you that your machine is infected. The operator shows you what he claims are event logs with errors.
He runs “netstat -a” in a command prompt to show you your PC is connected to botnets. For a mere $300 extra, he can fix this. At this point you suspect that the support person isn’t legit and you disconnect the remote connection session or shut down your PC.
What is remarkable about this technique is that it:
- Does not rely on cold calls
- Does not rely on phishing
- Is not addressed in most security training
- Results in giving the fraudster complete access to the PC, bypassing all security tools
After setting up the fake site and boosting it above legitimate sites in search results, the attacker, like a spider in a web, sits and waits for a victim to come to them. The event log displayed to the user was either a fake image or had been filtered to show only errors.
Here’s a great article written by MalwareBytes detailing another fake tech support call.