Scare tactics! Tech support scam claims your hard drive will be deleted

Scammers try to frighten you into phoning them up.

A new tech support scam warns that a victim's hard drive will be wiped of all data... unless, of course, they call the fake customer support number.

The scam begins when a user visits a malicious website. Immediately, it tries to scare the victim with an unusual tactic, as Siddhesh Chandrayan of Symantec explains:

"The web page displays a fake 'hard drive delete timer' that warns the user that their hard drive will be deleted within five minutes. A warning audio tone is also played in the background, which again warns the user that their system is infected."

The scam also displays a pop-up alert in the browser claiming that the user's computer has been infected by a virus and that they must call a support number to resolve the issue.

WARNING!

Your Hard drive will be DELETED if you close this page. You have Exploit.SWF.bd Virus infection! Please call Microsoft Support Now! Call Toll-Free: (0)286-740-0038 To Stop This Process

Are you sure you want to leave this page?

Of course, if you are duped into calling the number you run the risk of being tricked into giving a hacker remote access to your computer (which may lead to them installing malware on your computer), or handing over your credit card details for a "repair".

Tech support scams make use of a variety of techniques to successfully fool their victims.

Some rely on a convincing impersonation of the victim's ISP or of Microsoft's update process or the infamous "blue screen of death", while others attempt to give away as little information as possible to security researchers.

This latest scam falls into the latter category. Specifically, it uses obfuscated JavaScript to hide a number of its attributes, including the code used to activate the scam, display the pop-up alert, and even track cookies so as to avoid delivery to the same victim more than once.

To optimize the chances of someone falling for the scam, fraudsters take it one step further and even include code (also obfuscated) that verifies the user's operating system.

Chandrayan points out why:

"This code addresses a potential major flaw in the scam. Usually, tech support scams come with hardcoded strings such as 'Windows detected infection'. For a user redirected to the web page from an Apple Mac, it is clear they are being tricked into something fake. The scammer avoids this scenario by tailoring their code appropriately and showing the fake alerts relevant to the specific victim."

Code used to check OS of victim's computer

This particular tech support scam might have a few more bells and whistles than other ruses, but users can defend against it just as they would any other ploy.

Specifically, if you think there's something wrong with your computer, you should contact the company directly and speak to a representative. You should also avoid visiting suspicious websites and remember to maintain an up-to-date anti-virus product, and keep your computers patched with the latest security updates.
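
For defenders triaging a reported page, the traits described above (leave-page prompt, pop-up alert, warning audio, countdown timer, OS check, cookie tracking, obfuscated strings) can be scored statically. The following is an added example, not code from the scam or from Symantec's analysis; the indicator names, weights, threshold and both samples are constructed assumptions.

```javascript
// Added example: static triage for the scam traits described above; weights and threshold are assumptions.
const INDICATORS = [
  { name: 'leave-page prompt', weight: 2, re: /\bonbeforeunload\b/i },
  { name: 'modal alert', weight: 1, re: /\b(?:alert|confirm)\s*\(/ },
  { name: 'autoplay audio', weight: 1, re: /<audio\b[^>]*\bautoplay\b|new\s+Audio\s*\(/i },
  { name: 'countdown timer', weight: 1, re: /\bsetInterval\s*\(/ },
  { name: 'OS check', weight: 1, re: /navigator\.(?:platform|userAgent|appVersion)/ },
  { name: 'cookie gating', weight: 1, re: /document\.cookie/ },
  { name: 'scare wording', weight: 2, re: /hard\s*drive[^.<]{0,40}\b(?:deleted?|wiped?)\b|virus\s+infection/i },
  { name: 'call-now number', weight: 2, re: /\bcall\b[^<]{0,60}?\d{3}[\s.-]\d{3}[\s.-]\d{4}/i },
  { name: 'runtime decoding', weight: 2, re: /\beval\s*\(|\bunescape\s*\(|String\.fromCharCode|\batob\s*\(/ },
];

// Undo common string-hiding layers by text substitution only; nothing is executed.
function decodeLayers(src) {
  const chr = (_, hex) => String.fromCharCode(parseInt(hex, 16));
  let out = src;
  for (let pass = 0; pass < 3; pass++) { // bounded, in case encodings are nested
    const prev = out;
    out = out
      .replace(/\\x([0-9a-f]{2})/gi, chr)
      .replace(/\\u([0-9a-f]{4})/gi, chr)
      .replace(/%([0-9a-f]{2})/gi, chr)
      .replace(/String\.fromCharCode\(([\d\s,]+)\)/g,
        (_, list) => JSON.stringify(String.fromCharCode(...list.split(',').map(Number))));
    if (out === prev) break;
  }
  return out;
}

// Score the raw source together with its decoded form, so hidden strings count too.
function triage(src, threshold = 6) {
  const text = src + '\n' + decodeLayers(src);
  const hits = INDICATORS.filter((i) => i.re.test(text));
  const score = hits.reduce((sum, i) => sum + i.weight, 0);
  return { score, suspicious: score >= threshold, hits: hits.map((i) => i.name) };
}

// Constructed samples: inert fragments written for this example, placeholder phone number.
const SAMPLE_SCAM = [
  '<audio autoplay src="warn.mp3"></audio>',
  '<script>var os = navigator.platform;',
  'if (document.cookie.indexOf("seen=1") < 0) {',
  'var m = unescape("%68%61%72%64%20%64%72%69%76%65%20%64%65%6c%65%74%65%64");',
  'window.onbeforeunload = function () { return m; };',
  'setInterval(tick, 1000); alert(m + " Call Toll-Free: 000-000-0000"); }</script>',
].join('\n');
const SAMPLE_BENIGN = '<script>setInterval(updateClock, 1000); document.cookie = "theme=dark";</script>\n<p>Call our office: 000-000-0000</p>';
console.log(triage(SAMPLE_SCAM), triage(SAMPLE_BENIGN));
```

It runs under Node.js. Because matching covers the decoded text as well as the raw source, the percent-encoded warning in the scam sample still counts as scare wording, while the benign page with a timer, a cookie and a phone number stays below the threshold.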


3 Responses

  1. Bob

    October 28, 2016 at 10:49 am #

    Windows, MacOS, Unix and Linux.

    Everything except BSD in their OS detection code although I'm sure that your average BSD user would be sufficiently computer literate to not fall for this scam notwithstanding the superior compartmentalisation of the OS.

    • James in reply to Bob.

      October 28, 2016 at 8:02 pm #

      Linux users would also be computer literate enough to not fall for a scam as retarded as these.

      • Bob in reply to James.

        October 28, 2016 at 9:30 pm #

        I'd hope so but you never know. The same generalisation could be made of Unix users.

        Linux is pre-installed on many systems especially on those distributed overseas. Most of the distributions are so simple to use that it's no longer used exclusively by techies and these scams are affecting Linux users.
