Alert: a new type of tech support scam

May 6th, 2019
Alert: a new type of tech support scam

Recently, fraud researchers have discovered a new technical support scam (TSS) campaign spreading across the Internet. This TSS campaign disguises itself as a Microsoft service site and puts users in a loop once a URL is entered!

Imagine this:

  1. You see a URL that starts with “support.microsoft.com…”
  2. Because it looks trustworthy, you click it, then two pop-up windows open, warning you that your computer is infected
  3. The pop-up asks for user authentication and a few other details, then prompts you to call your support hotline ASAP
  4. Your browser is now frozen and clicking on the ‘close’ or ‘cancel’ button only takes you back to the same page
  5. By this point, you’ve entered an endless loop designed by cyber criminals

How does it work?
TSS campaigns usually simply freeze browsers, but this scam is unique in that it keeps the user on the same page repeatedly, making it more difficult for the user to exit the window. This is done by using “iframes,” which are HTML documents embedded within another HTML document. Whenever the URL is entered, the iframe shows up on the page as a login screen. Because users tend to feel panic in the event of a frozen browser, they are more likely to immediately call the tech support number on the screen.

Why does this matter?
Trend Micro reported that this specific Microsoft campaign had an average of 575 visitors per day. Research shows that the URLs are usually distributed using several different IP addresses and through deployed advertisements.

What can you do?
Samuel P Wang, a security researcher from Trend Micro, says, “Fortunately, the success of TSS attacks largely depends on how users respond to their tricks. As has been highlighted in this new campaign, users can look out for suspicious characteristics of a webpage, such as unfamiliar URLs, pop-ups asking for authentication, or any sort of information and messages that raise panic and alarm.”

  • Educate your employees to always be cautious of suspicious URLs
  • Use the Task Manager to forcefully quit
  • Adopt security solutions to protect your systems from threats
  • Call us today at 616-719-4100 to ensure full security for your company and employees

Read more about the issue on Samuel Wong's blog post.