Bogus webpages, browser fixers, and three-year payment for fake software

Aug 22, 2014 22:51 GMT

Tech support scammers have become more proficient at deceiving users into buying their fake products, laying out complex and believable traps.

They have set up web pages for the download of installers, impersonating big brands on the market, such as Norton, McAfee, AVG and Malwarebytes.

All these pages (hosted on onlineinstanthelp.com) are copies of the originals, with a small modification: they all provide a "toll-free number" for the victim to reach out for help when problems appear; and complications will definitely occur.

Referring to the scammy web page impersonating Malwarebytes’ site and claiming to deliver the security product from the reputable vendor, Jerome Segura said that “except for the toll-free number (which is not ours), the page is pretty much the same as the real one.”

Malwarebytes tested the help desk of one such scam, and what they found is pretty interesting; one can’t listen to the recording (video available at the end of the article) without cracking a smile a few times.

When the user tries to add the fake product to the system, they encounter an error that prevents its installation on the grounds that the system is already infected; this is done intentionally, because the error dialog also shows a tech support number the victim can call to fix the issue.

“The guys behind this went to such lengths that they actually piggy-backed on the real programs and inserted their own piece of code half way through the installation procedure,” Segura says.

In Malwarebytes’ experiment, calling the phone number reached someone who diagnosed the problem but could not fix it because it fell under a different department’s competence.

However, they were able to pinpoint the problem by looking into the prefetch folder, a location that stores information about the applications launched when the system is started and uses it to improve startup performance.

The “technician” said that these files were programs downloaded without the user’s knowledge, with access to data available on the computer; needless to say, a less technical user would fall for this trick.

A transfer to another department is the final stage of the scam, when a three-year subscription to an antivirus (McAfee in this case) that would clean the computer is pushed on the user.

The company carrying out the scam has been identified as being from India, and the LogMeIn ID used to connect to the victim’s computer remotely has been published so that appropriate measures can be taken against it.

To eliminate the risk of falling into a well-laid trap, users are advised to download security solutions only from known, reputable sources.
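The advice above can be checked mechanically. The following is an added example, not code from the article or from Malwarebytes: it tests whether a download URL really points at a vendor-owned host, including the lookalike-subdomain and `user@host` forms a copied page can hide behind. The allowlist of vendor domains and all sample URL paths are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of vendor-owned domains (not from the article); verify and
# maintain it yourself before relying on it.
OFFICIAL_DOMAINS = {
    "norton": {"norton.com"},
    "mcafee": {"mcafee.com"},
    "avg": {"avg.com"},
    "malwarebytes": {"malwarebytes.com", "malwarebytes.org"},
}


def download_host(url):
    """Return the host the browser would actually contact, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix and port, and is already lowercased.
    return parts.hostname.rstrip(".")


def is_official_download(url, brand):
    """True only for an HTTPS URL whose host is a vendor domain or subdomain."""
    host = download_host(url)
    if host is None:
        return False
    allowed = OFFICIAL_DOMAINS.get(brand.lower(), set())
    # Match on a label boundary so "notmcafee.com" and
    # "malwarebytes.org.example.net" do not pass.
    return any(host == d or host.endswith("." + d) for d in allowed)


def impersonated_brands(url):
    """Brands named anywhere in the URL whose host is not that vendor's."""
    lowered = url.lower()
    return sorted(
        brand for brand in OFFICIAL_DOMAINS
        if brand in lowered and not is_official_download(url, brand)
    )
```

A brand name in the path or in a subdomain says nothing about who operates the server; only the registered domain at the end of the host does.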

Photo gallery captions: Installation of fake security product is interrupted; Fake page impersonating Norton website; Fake page impersonating McAfee website.