A one-click scam posing as emergency tech support is making the rounds on every platform with a web browser and a connection to the Internet, according to Microsoft.
Jonathan San Jose, of the Windows Defender Research team, recounts on the Microsoft TechNet blog how his team recently came across a new type of tech support scam that streamlines the process of reaching the user with an auto-call script and scare tactics.
“This streamlined tech support scam forgoes the use of dialog boxes and instead contains code that has a click-to-call link that it automatically clicks.”
Using platform-specific templates and multiple hotline numbers, the campaign opens the user’s default phone app (Skype, Viber, etc.) or, in the case of iOS, tempts the user to OK a call to the fake support scam hotline.
It also uses scare tactics to try to persuade the user to proceed with the call. The scam automatically plays an audio file as the website is displayed – a technique reminiscent of the Techbrolo family of support scams, San Jose notes.
When Apple users are targeted, for example, the audio message goes as follows:
“Critical alert from Apple support. Your mac has alerted us that your system is infected with viruses, spywares, and pornwares. These viruses are sending your credit card details, Facebook logins, and personal emails to hackers remotely. Please call us immediately on the toll-free number listed so that our support engineers can walk you through the removal process over the phone. If you close this window before calling us, we will be forced to disable and suspend your Mac device to prevent further damage to our network. Error number 268D3.”
According to the researcher, “The audio message is characteristic of tech support scams in its use of scare tactics.” If victims follow through with the call, they are likely to be charged for the call and might even fall victim to a follow-up scam.
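The three traits described above (a click-to-call link, a script that clicks it, and audio that plays on load) can be checked for together in page source. The following static check is an added example, not code from Microsoft or the article; the URI scheme list, the names used and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Schemes that hand off to a phone app (an assumed list; the article names none).
CALL_SCHEMES = ("tel:", "skype:", "viber:", "callto:")
AUTO_CLICK = re.compile(r"\.click\s*\(\s*\)")  # script-triggered click

class ScamTraitParser(HTMLParser):
    """Records the traits the article attributes to this scam page."""
    def __init__(self):
        super().__init__()
        self.call_links, self.autoplay_audio = [], False
        self.auto_click, self._in_script = False, False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # boolean attributes such as autoplay map to None
        href = (attrs.get("href") or "").strip().lower()
        if tag == "a" and href.startswith(CALL_SCHEMES):
            self.call_links.append(href)
        if tag == "audio" and "autoplay" in attrs:
            self.autoplay_audio = True
        # No start tags are parsed inside <script>, so this is safe to reset here.
        self._in_script = (tag == "script")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and AUTO_CLICK.search(data):
            self.auto_click = True

def score_page(html):
    """Return the scam traits found; all three together is the signal."""
    p = ScamTraitParser()
    p.feed(html)
    p.close()
    found = [("click-to-call link", bool(p.call_links)),
             ("scripted click", bool(p.call_links) and p.auto_click),
             ("autoplay audio", p.autoplay_audio)]
    return [name for name, hit in found if hit]

# Constructed samples, not captured from a real campaign.
SUSPECT = ('<audio autoplay src="alert.mp3"></audio>'
           '<a id="c" href="tel:+10000000000">Call support</a>'
           '<script>document.getElementById("c").click();</script>')
BENIGN = ('<a href="tel:+10000000000">Call our store</a>'
          '<script>console.log("loaded");</script>')

if __name__ == "__main__":
    print(score_page(SUSPECT), score_page(BENIGN))
```

A lone `tel:` link is normal on business sites, so only the combination of traits should raise an alert.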
As one would guess, the best way to avoid falling into the trap is to simply dismiss the bait: the call to action.
The news is not all bad, though. Campaigns employing the novel scam are currently scarce, and most anti-malware solutions will thwart them.
The Windows 10 built-in web browser, Edge, blocks tech support scam websites automatically, according to Microsoft.
Bitdefender customers will see a warning that the site they are about to visit is malicious, regardless of browser type or platform.
Because the scam templates accept URL parameter changes, they will likely start to circulate on the dark web, which means there’s a good chance such campaigns will soon grow in number and sophistication.