Sophos has received reports that some Google searches for Sophos Technical Support lead to bogus pages purporting to be official Sophos support contact information.
SophosLabs is investigating these reports alongside Google and warns that these bogus support pages have been reported to appear prominently on Google search results.
These fake support pages reportedly provide contact information, such as telephone numbers. If called, an unknown person - not a Sophos employee, contractor or partner - offers assistance to the caller for a fee.
In one case, the caller was ask to fork over credit card details and a payment of $300 USD for support assistance.
One customer reported to Sophos:
When the false positive first hit us, I wanted to call Sophos immediately; however I did not have the phone number on hand, so I Googled it. The first phone number that came up wasn’t Sophos tech support. It was a 3rd party company based out of Singapore ... Now, it was my fault for not double-checking the number, but they answered the phone as “Sophos Tech Support”. This led me to believe that they were Sophos. I then spoke to a technician and he informed me that I did have a virus and it would take a fee of $300 to have the tech fix it. It didn’t feel right, and I needed to get approved for the credit card purchase, so I put the tech on hold to and double checked the phone number. Once I realized that I wasn’t talking to Sophos, I hung up and the tech did not try to call me back.
Sophos Support provides free support to all customers and partners experiencing any software issues, including the Shh/Updater-B false positive.
Sophos is reminding everyone to use one of the official support mechanisms listed on the Sophos Support contact page.