HackDig : Dig high-quality web security articles for hackers

Scammers Impersonate ISPs in New Tech Support Campaign

2016-03-21 05:45

Tech support scammers invest a lot of effort in attracting new victims each day, and despite many takedowns, this remains a highly profitable industry.

We uncovered a new tech support scam campaign pushed via malvertising which cleverly detects which Internet Service Provider (ISP) you are using (based on your IP address) and displays a legitimate-looking page that urges you to call for immediate assistance.

The scam is quite sophisticated, with professional-looking phishing pages and even custom audio messages for each ISP:

Our system scans have detected malicious spyware on your computer. Your personal photos, credit card information and passwords may be at risk. Contact our certified technicians for immediate assistance

[Image: verizon]

The ISPs that were targeted in this campaign were mainly American and Canadian ISPs:

[Image: phishing_logos]

We called the number and were handled by a tech support company out of India that goes by the name of Credence Incorporation and operates a website at: support-samurai.com.

As always, the technician who took remote control of our machine found many “infected files”, using tricks that are outrageous to anyone tech-savvy:

[Image: inf]

Many people won’t know the difference, but the above command is by no means a way to scan a system for malware. Sadly, this sales pitch will still prove effective and those crooks will be able to extort several hundred dollars for nonexistent computer problems.

At the time of writing this blog, we noticed that all the fraudulent websites had been shut down. They had been registered under disguise with the following identity:

Registrant Name: Elizabeth Gonzalez
Registrant Organization: Sky-IP
Registrant Street: Addison House Plaza, street 57
Registrant City: Panama

As tech support scams are getting more and more clever, people need to raise their guard. We are seeing attacks that go to great lengths to target victims using information collected from the browser (ISP, city, time zone, etc.), which is used to make the scams look more genuine.

For additional information on tech support scams, please visit our resource page.

IOCs:

Malvertising:

  • www.terraclicks.com/watch?key={redacted}
  • www.adnetworkperformance.com/a/display.php?r={redacted}
  • cliktrackr.com/321358bte3?zone=1008480&lang=EN&{redacted}
  • track.trackerpros.com/7a96d6b1-963f-4fb6-9077-5c0693e30554?zone=1008480&lang=EN&{redacted}

Fake webpages involved:



Source: blog.malwarebytes.org/fraud-scam/2016/03/scammers-impersonate-isps-in-new-tech-support-campa
