Support scammers up their game


Websites and Facebook accounts created to make callers appear more legitimate.

‘Support call scammers’ have started to use professional-looking websites and social media accounts to make themselves appear more legitimate.

In these scams – which have been prevalent in many English-speaking countries for some time – victims are telephoned and told that their computer has been engaged in malicious behaviour such as the sending of spam. To make the claim more credible, users are usually socially engineered into opening the Event Viewer in Windows and are made to believe that the harmless alerts they see are a serious problem. To solve this ‘problem’, the user is told that the caller requires remote access to the PC – which, of course, allows the caller to install malware. Sometimes users are also charged for having their PC ‘fixed’.

The callers often claim to call on behalf of Microsoft or the victim’s ISP, but now they have started to use phony company names as well. In one case witnessed by researchers from ESET and Virus Bulletin, the call came from a company named ‘eFIX’, which has a legitimate-looking website, as well as a Facebook account.

The website’s domain name was registered in September 2011 from India, although ‘eFIX’ uses a boilerplate address in Glasgow and claims to have employees in five different countries and to offer 24/7 support. The website also displays testimonials from happy ‘customers’; interestingly, one such customer can be seen on another website used by scammers as an employee of that company.

The ‘eFIX’ Facebook page displays more genuine-looking reviews from customers thanking ‘eFIX’ for fixing their PC. Comments from people saying it was a scam and demanding their money back are being removed.

Customers whose PCs are infected with malware are a serious problem for ISPs, most of which are looking into ways of notifying infected customers. Support call scams are therefore not only a problem for the victims of such scams, but also potentially jeopardize the trustworthiness of such ISP notifications.

More at ESET’s blog here, or in an article published in VB in January 2011 here (free registration required).

Posted on 09 November 2011 by Virus Bulletin

