Criminals who run fake tech support scams are expanding their range of tactics, and now are using spam messages to push victims to their scam sites.

Historically, these schemes have been run through two main channels: phone calls or malicious online ads. Victims who visit sketchy sites containing malicious ads connected to fake tech support scams will often encounter popups and dialog boxes warning them about a non-existent virus or vulnerability on their machines. The popups typically urge victims to call an 800 number to speak with a technician to fix the problem. The scams often use legitimate logos from companies such as Microsoft or Apple to make them appear real.

Victims who fall for these scams wind up with a remote access tool installed on their computers, which enables the criminals to gain access. They use the tools to pretend to find serious problems on the machines and then try to scare the victims into paying a fee for help solving them. The same general tactic is used when the scammers make outbound robocalls to victims.

Now, these groups are adding the use of spam messages to their arsenals, employing fake order cancellation emails from sites such as Amazon as lures, according to a new analysis by Microsoft researchers. The links in these messages often send victims to redirection sites that send them through a series of other sites before they land on the target site.

“The technical support scam websites employ various social engineering techniques to compel users to call the provided hotlines. They warn about malware infection, license expiration, and system problems. Some scams sites display countdown timers to create a false sense of urgency, while others play an audio message describing the supposed problem,” Microsoft’s analysis says.

“Tech support scam websites are also known to use pop-up or dialog loops. A dialog loop refers to malicious code embedded in sites that causes the browser to present an infinite series of browser alerts containing falsified threatening messages. When the user dismisses an alert, the malicious code invokes another one, ad infinitum, essentially locking the browser session.More advanced tech support scam sites use web elements to fake pop-up messages. Some of these scam sites open full screen and mimic browser windows, showing spoofed address bars.”

The tech support scam problem has been growing and expanding in the last couple of years as fraudsters try to adapt to the defenses technology companies have put in place. Spam is an old technique for spreading malware and pushing victims to phishing sites, but its use in the tech support scam ecosystem is much rarer.

Comments are closed.