Users in Australia targeted by direct call tech-support scam

Aug 29, 2014 09:23 GMT

Cybercriminals have started contacting Internet users in Australia and threatening them with disconnection in order to trick them into engaging in tech-support scams.

They claim to be employees of Internet Service Provider (ISP) Telstra in Australia and inform the potential victim that their computer has been compromised by malware and that Internet services would be discontinued to prevent infection of other customers of the company.

In an example provided by Hoax-Slayer, a user receiving such a call from the scammers realized the deceit based on the caller ID, which showed an overseas number, and the fact that the information provided by the crook made no sense in relation to the problem they claimed to be affecting the system.

To prove that malware is lurking on the computer, the crooks instruct the user to open up the Event Viewer panel in Windows and check for any “critical” entries.

Event Viewer logs significant events occurring on the computer, such as software errors (crashes, conflicts), so most of the entries appear concerning to a less technical eye.

However, these are not direct indications of malware activity and come in handy when troubleshooting problems on the system.

Event Viewer is not the only panel used by scammers to dupe their victims. Malwarebytes recorded a conversation where the crook connected to the allegedly compromised computer (with the owner’s consent) via LogMeIn and pulled up the “Prefetch” folder.

This location stores details about the programs launched at system start and uses them for improving the operating system’s performance.

After convincing the user that their computer is infected, the cybercriminals offer to help eliminate the problem by recommending the purchase of security products from them.

Most of the time, these are snake oil, but in some tech-support scams crooks simply sell legitimate solutions at a much higher price than recommended by the vendor.

Apart from direct calling, tech-support scammers also use various methods to lure users to web pages purporting to run a scan of the computer and to find malicious items. A “toll-free” number is provided on the page for users to seek assistance.

Basically, after setting up these pages and creating the redirect mechanism, all cybercriminals have to do is wait for their victims to call.

Companies engaged in this type of fraudulent activity have been found on US territory, in Florida. Talking to a native English speaker would increase the victim's trust in the provided services, giving the scam a higher success rate.