Scareware pushers pose as certified technicians to infect victims

Aug 2, 2010 09:42 GMT

Security researchers are concerned about the increasing number of scams that involve people receiving phone calls from scammers, who impersonate tech support specialists. The rogue callers claim that virus infections were detected on the computers of their targets and try to get them to install scareware.

The practice of contacting someone over the phone without any advance notice and presenting them with some sort of offer is referred to as cold calling. The method has long been used by sales representatives and is now regulated in many countries via “Do Not Call” lists.

Unfortunately, such opt-out mechanisms are not honored by cyber criminals, who apparently have adopted the practice to trick computer users into infecting themselves with malware. According to David Harley, a senior research fellow at antivirus vendor ESET, more and more reports of such rogue phone calls are coming in from people in the UK and Europe.

The scams generally start with the caller posing as a technical support engineer certified by a well-known company like Microsoft or Cisco. Typically they claim that the phone call is in response to reports sent out automatically by the user's computer, which is infected with malware.

One method regularly used to convince the target that there is something wrong with their computer is to get them to open the Windows Event Viewer. This operating system component is likely to list various warnings about errors generated by applications and services. These errors aren't necessarily critical, nor do they necessarily require any kind of action, but non-technical users are obviously not aware of that.

The rogue tech support specialists offer to install what they claim are better antivirus programs. To add credibility to their story, they often cite the names of reputable security vendors the victims might have heard of. However, the products they tout are actually rogue applications, which display fake security alerts in order to convince users to pay for useless licenses.

Unfortunately, such scams might only be the beginning. "One of the ideas around at the moment is that ISPs might (or even should) regulate customers whose systems are compromised by malware such as bots by not allowing them to connect until those systems are cleaned. […] I have a horrible feeling that we might start to see support scammers claiming to be working for or affiliated with ISPs: the threat of disconnection would be an effective way of putting pressure on victims," David Harley warns.

You can follow the editor on Twitter @lconstantin