Tech support scammers have switched from cold calls to pop-ups ambushing users online, seemingly coming from the victims’ ISP.
In the US and Canada, Verizon, AT&T and TimeWarner users are being actively targeted, but according to Malwarebytes, users of UK-based BT, PlusNet, Sky and TalkTalk will soon start seeing these fake messages (if they haven’t already).
The messages, designed to look like legitimate warnings from the ISPs, usually say that the ISP’s system scans have detected malware on the user’s computer, and that the user’s personal documents, passwords and credit card information are at risk.
Newer versions of the message also contain a threat: “If left unresolved, you may be subject to PERMANENT ACCOUNT SUSPENSION as well as possible fines for network damage.”
A phone number has a prominent position in the message, and users are urged to phone in to contact the ISP’s certified technicians for assistance in cleaning up the machine.
If they do, they’ll get in touch with the scammers, who will do their very best to trick the victims into allowing them to remotely access their computer and, consequently, have access to the victims’ sensitive information (passwords, bank account info, etc.).
The scammers are using a clever trick to serve the correct pop-up to each potential victim: through malicious ads served via ad networks, users are redirected to a website that checks the computer’s IP address. That info is checked against the list of IP addresses owned by each ISP, the likely one is identified, and the victims are shown the right fake pop-up.
According to the BBC, these scammers are pretty convincing – they are ready for every question that the users might have.
Even an expert on tech support scams like Malwarebytes’ Jerome Segura was nearly fooled by the fake alert he was shown, so you can imagine that less tech-savvy users are very likely to fall for the trick.
The computer industry, and especially Microsoft, has been trying to crack down on the perpetrators of these types of scams, but it’s a long process that shows results only very slowly.
In the meantime, users should read up on all the latest scams, and pass that knowledge to less tech-savvy family and friends.