The concept behind these latest scams is simple, and was described by Duck and Sean last week. The criminals are using support centres to contact users and trick them into believing they have a problem with their computer.
In so doing, users may be scammed into paying for unnecessary support or software, perhaps even giving the criminals remote access to their computer in the process!
During a cold call that I received last week, I was treated to the usual banter: "malicious traffic had been spotted" emanating from my computer, indicating the presence of "junk and infected files" that were set to "destroy software, Windows and important files on my computer".
The scripts being used by the call centre may well be pure comedy to the tech-savvy, but the simple fact is that a lot of regular users are likely to fall for it. It only took me a few minutes of searching to find others who had received the same calls as myself, and within discussion forums there were numerous posts from individuals who had been tricked into parting with their credit card details.
Should we be surprised at this latest development in scareware distribution? I do not think so. Malware distribution has been a business for a good while now, and where the financial rewards are sufficient, some investment in "sales" is clearly justifiable.
The paying of call centre staff in these latest attacks is akin to paying for rogue adverts, another tactic we have seen used before.
Historically, scareware distributors have used a whole variety of tactics in order to hit users.
- mass-spamming of malicious attachments.
- redirecting web traffic from compromised, legitimate web pages.
- hacking web servers to redirect certain types of web traffic.
- using crimeware exploit kits to target client vulnerabilities and infect the user with scareware.
- gaming the search engines in search engine optimisation (SEO) attacks.
We have seen scareware attacks evolve from simple mass-spammed attachments to more cunning web-based attacks. The search engine optimisation (SEO) attacks are particularly cunning in that they abuse the very services that we all rely on and trust. Using call centres to cold call victims lacks that finesse, but it is somewhat inevitable, sadly.
Improved security (particularly widespread adoption of URL filtering) makes it harder for even the most cunning of web-based attacks to succeed. The telephone cuts right through that and exploits the weakest link in the chain, the user.
Today (November 15th) marks the start of Get Safe Online week.
Get involved. Invest just a small amount of time and avoid becoming a victim.
And if you get asked by your friends or family how to recognise a scam support call, and what we recommend you do if you receive one (don't hang around - put the phone down immediately!), why not get them to listen to our advice in this podcast:
(05 November 2010, duration 6:15 minutes, size 4.5MBytes)