Tech support scams have been around for quite some time. As a result, it’s no surprise these these ruses are growing in number and sophistication.
A tech support scam used to only consist of unknown fraudsters messing around with fake anti-virus alerts, or cold-calling potential victims pretending to be Microsoft and offering to help with a virus infection.
Resellers of legitimate computer security software have been getting caught up in the scamming game. Not only that, but some scams are leveraging advanced techniques like computer lock screens to trick unsuspecting users.
It would now appear scammers have added yet another tactic to get what they want: impersonating a victim’s Internet Service Provider (ISP).
This new tech support scam begins with a pop-up message that interrupts a user’s browsing session. The message appears to come from the victim’s ISP, with Malwarebytes having detected several messages that claimed to originate from several popular U.S., Canadian, and UK Internet Service Providers including AT&T, ComCast, and TalkTalk.
The scam informs the user that their ISP has “detected malware” on their machine and recommends they call a fake customer support number. It is at that stage that a “representative” tricks the user into giving them remote access to their computer and/or paying hundreds of dollars for fake technical support.
Jérôme Segura, a senior malware intelligence analyst at Malwarebytes who has seen other tech support scammers impersonate victims’ ISPs, feels this latest ruse represents the next phase in tech support scams.
As he told the BBC:
“It caught me by surprise and I almost thought that it was real. It was a page from my ISP telling me my computer was infected. It was only when I looked in closer detail that I saw it was a scam. Cold calls are very wasteful and after years of being told, people are starting to realise it is a scam so the scammers have to find new ways to make it personalised and legitimate. It is more cost-effective and efficient than cold-calling.”
But just how are scammers finding out a victim’s ISP?
That’s the ingenious part. Using an advert with a single malicious pixel, fraudsters are infecting users who visit legitimate websites with malware. That malware, in turn, redirects the user to a website that looks up their IP address, information which they use to determine their ISP.
Users should always be cautious of unexpected pop-up messages in their browsers. They should also be wary of unsolicited calls and emails offering to fix their computers.
Regardless of who claims to be on the other end of those pieces of correspondence, users should never give out their account numbers. They should always contact a company directly if they are looking for technical support.