Tech Support Scams: How To Spot a Phish

Originating in India around 2008, tech support scams are a simple and effective way of preying on individuals’ fear.

In its earliest form, the tech support scam involved a scammer cold-calling people in English-speaking countries and claiming to represent Microsoft Technical Support. The victim would be informed that their machine was infected with malware, and that the caller would help them remove it if granted access to the machine.

Naturally, once access was granted, the scammer would “fix” the problem and promptly demand payment.

While this version of the scam is still being used in some cases, for the most part, the process has been enhanced with the use of mass-targeted phishing. Now scammers send out millions of phishing lures claiming to contain invoices, bills, late payment charges, and other panic-inducing content in order to grab the attention of potential victims and persuade them to click a link or call the scammer directly.

The goal is simple: Scare the victim into giving up their personally identifiable information (PII) and/or credit card information.

 


The Breakdown

Primary Target(s): Pretty much anyone.

Lure Volume: Consistently high.

Geography: Most threat groups are based in India, but some have been found operating in the US.

Threat Actors: Highly organized, with a business-like structure and dedicated call centers.

Motivation: Profit.

 

Lure Analysis

As we’ve already noted, there are two aspects to the modern tech support scam: telephone and email. In both cases, the tactics and emotional levers used to scam victims remain consistent.

Take these real phishing lures, for example.

[Image: Tech Support 1.png]

Order cancellations. Account deactivations. Both are situations potential victims aren’t expecting and both use fear and intrigue to elicit the desired response.

And take a look at the links provided in these lures. They use official-looking graphics and brand logos to convey trust, but behind the scenes they divert victims to highly unofficial phishing sites.

And what happens when you click one of these links?

[Image: Tech Support 2.png]

In this case, the victim is directed to a webpage informing them their computer has been locked, and they will need to call the number provided. Of course you can get rid of these pages by force-quitting your browser… but the average person doesn’t realize that.

If you take the time to call one of these numbers, you’ll most likely be greeted by a person who claims to be from Microsoft Tech Support.

And from there… well, you know the rest.
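The two lure traits described above (a brand logo or name on a link that leads to an unrelated site, and panic-inducing wording) can be checked mechanically in a mail filter or triage script. The following is an added example, not part of the original post; the brand-to-domain table, the phrase list, the function names and the sample lure are all constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: illustrative brand -> legitimate domains table, not exhaustive.
BRAND_DOMAINS = {"microsoft": ("microsoft.com", "office.com", "live.com")}
# Assumption: pressure phrases of the kind these lures rely on.
URGENCY = re.compile(r"cancel|deactivat|suspend|locked|invoice|late payment", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text plus image alt text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.body = [], []
        self._href, self._text = None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href, self._text = a.get("href") or "", []
        elif tag == "img" and self._href is not None:
            self._text.append(a.get("alt") or "")  # logo used as the link
    def handle_data(self, data):
        self.body.append(data)
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text)))
            self._href = None

def host_matches(host, domains):
    # Exact host or a true subdomain; "microsoft.com.example.net" does not match.
    return any(host == d or host.endswith("." + d) for d in domains)

def analyze(html):
    """Return brand/destination mismatches and whether urgency wording is present."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    mismatches = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        for brand, domains in BRAND_DOMAINS.items():
            if brand in text.lower() and not host_matches(host, domains):
                mismatches.append((brand, host))
    return {"brand_mismatch": mismatches,
            "urgency": bool(URGENCY.search(" ".join(parser.body)))}

# Constructed sample lure (not taken from a real message).
SAMPLE_LURE = """<p>Your order has been cancelled and your account will be deactivated.</p>
<a href="http://support-desk.example.net/verify"><img src="logo.png" alt="Microsoft"> Review your account</a>
<a href="https://account.microsoft.com/">Microsoft account help</a>"""
```

A message that trips both checks is a strong candidate for quarantine or user warning; either signal alone will also appear in some legitimate mail.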

 

Takeaways

For the most part, simply being aware of this type of scam is enough to ensure you won’t fall for it. If you know enough to realize Microsoft isn’t going to call you (or ask you to call them) you shouldn’t have any trouble recognizing these scams for what they are.

Unfortunately, many people aren’t aware of the humble tech support scam, and thousands are successfully conned out of their personal and/or credit card information each year.

So if you’d like to help minimize the number of people who fall victim to tech support scams this year, how about sharing this article with your friends and colleagues? You never know, it could save them thousands of dollars and a great deal of embarrassment.

This is a Security Bloggers Network syndicated blog post. Read the original at: The PhishLabs Blog 2017-10-17.