Scammers try to force victims into calling bogus support

Jun 3, 2015 08:11 GMT

Cybercriminals behind tech support scams grow more organized as they deploy campaigns with dedicated targets, based on both a specific region of the globe and the operating system on the victim’s computer.

One of the most prevalent variants of the tech support scam feeds the victim a fake warning about a malware infection and provides a help desk number for assistance with getting rid of the threats.

If the victim calls, the crooks usually connect remotely and convince them that the computer is infested by showing legitimate system logs with various errors as proof of malware infection.

A paid security solution is then recommended for fixing the problem, the product being in most cases overpriced or a sham.

Crooks engage in global operation

Starting from findings of independent researcher @malekal_morte, experts at Blue Coat analyzed some tech support campaigns and found JavaScript code on one site indicating that the operation was aimed at different countries, each with a different phone number to call.

Researchers discovered that the cybercriminal group targeted France, Australia, the United Kingdom, New Zealand and South Africa.

Moreover, potential victims were screened by operating system and redirected to a web page with the correct bait.

Blue Coat found three such websites, all aiming at Mac users and attempting to scare them into calling a given number with bogus malware infection warnings.

Ransomware behavior detected

One of the most interesting examples found by the researchers also contained an audio stream, with a female computer-synthesized voice reading a predefined text in a loop, probably to make the alert appear more credible.

Loading the page would also trigger a JavaScript pop-up and would lock access to the browser, following the pattern of a classic ransomware scam, Blue Coat says.

One explanation for using a computerized voice is that the scammers are not native English speakers and their accent may raise the potential victim's suspicion.

Tech support scams are relatively new, but crooks have started to exploit the potential of this segment of users, with one example recorded back in January by Jerome Segura from Malwarebytes.

However, we have not seen any signals in the past that the scammers had started to be this organized in order to increase the chances of profit. At most, they would recycle text from one campaign to another and adapt it to be more relevant, although sometimes the attempt would be a poor one.

Tech support scam for Mac (3 images):

Toll-free number for Mac tech support scam
Sense of urgency transmitted via the red color
Mac tech support page with ransomware behavior