Cold-Calling Cyber-Criminals Tout Fake Antivirus

Scammers are using call centres to push fake antivirus software, pretending to offer free services

Cyber-criminals are continually switching tactics to trick users, even going offline to work their scams by phone. People are handing over credit card information or downloading malware thinking they are actually fixing a security problem, said security researchers.

In the antivirus cold-calling scam, call centres contacted users claiming to be support staff from Microsoft calling to make sure “the system is okay”, Graham Cluley, a senior technology consultant at Sophos, told eWEEK. The scam has other variations, with the caller pretending to be a security consultant or a representative of the user’s internet service provider.

Globalisation On A Criminal Scale

Criminals are renting out cheap call centres in India to randomly cold-call users to make sure the latest malware was not affecting their computers.

The callers follow a script that has users look in the low-level “techy” areas within the Control Panel, Event Viewer, or the registry, with a number of scary-sounding errors, cryptic messages and warnings, Cluley said. As the user confirms seeing certain messages, or reads back various parts of the screen, the caller explains those are problems and then springs the trap.

Improved security products are making it harder for Web-based attacks and scams to succeed, but “telephones bypass the technology and go straight to the weakest link in the chain, the user,” wrote Fraser Howard, a principal virus researcher for Sophos Labs, in a blog post.

“We are suffering from our success. For 20 years we’ve been telling people they need to be aware of security,” said Cluley. Users have been told repeatedly that they should update their operating system or install patches when prompted, and scammers are now exploiting that awareness to scare users into taking immediate action, he said.

Some calls follow a slightly different script. Instead of claiming a customer service where they are “just checking”, the caller may claim to know issues already exist, saying “malicious traffic had been spotted” coming from the user’s computer, according to Howard. The script may include other phrases designed to panic the user, such as “junk and infected files”, or “destroy software, Windows and important files on my computer”.

Once the users are convinced there is something wrong with their PCs, they are sold security software that would “clean up the problem”, or it may request remote access in order to fix the issues. Cyber-criminals later exploit the backdoors the software creates, said Cluley. The downloaded file may just be a fake antivirus, or it could be more malicious and allow the criminal to take over the computer, said Cluley.

Even though the caller “just incurred an unexpected support expense”, the caller ends up feeling “relieved”, wrote Paul Ducklin, the head of technology for Sophos in the Asia/Pacific region.

Fake antivirus and malware distribution is a lucrative business, with security researchers estimating revenues of more than £65 million a year. Considering the financial rewards, scammers investing in the call centre to drive more sales is “clearly justifiable”, wrote Howard.

“Use your common sense,” said Cluley. “Users need to think about why Microsoft or some other big company would bother calling people individually to offer free support. It would be too expensive.”

However, the scam is made more effective by the fact that some companies and ISPs do call users when they notice a problem. Ducklin said users should hang up on these calls and, if they want to verify if the call was legitimate, they should call the company back on a published number.