Categories: SecurityWorkspace

Cold-Calling Cyber-Criminals Tout Fake Antivirus

Cyber-criminals are continually switching tactics to trick users, even going offline to work their scams by phone. People are handing over credit card information or downloading malware thinking they are actually fixing a security problem, said security researchers.

In the antivirus cold-calling scam, call centres contacted users claiming to be support staff from Microsoft calling to make sure “the system is okay”, Graham Cluley, a senior technology consultant at Sophos, told eWEEK. The scam has other variations, with the caller pretending to be a security consultant or a representative of the user’s internet service provider.

Globalisation On A Criminal Scale

Criminals are renting out cheap call centres in India to randomly cold-call users to make sure the latest malware was not affecting their computers.

The callers follow a script that has users look in the low-level “techy” areas within the Control Panel, Event Viewer, or the registry, with a number of scary-sounding errors, cryptic messages and warnings, Cluley said. As the user confirms seeing certain messages, or reads back various parts of the screen, the caller explains those are problems and then springs the trap.

Improved security products are making it harder for Web-based attacks and scams to succeed, but “telephones bypass the technology and go straight to the weakest link in the chain, the user,” wrote Fraser Howard, a principal virus researcher for Sophos Labs, in a blog post.

“We are suffering from our success. For 20 years we’ve been telling people they need to be aware of security,” said Cluley. Users have been told repeatedly that they should update their operating system or install patches when prompted, and scammers are now exploiting that awareness to scare users into taking immediate action, he said.

Some calls follow a slightly different script. Instead of claiming a customer service where they are “just checking”, the caller may claim to know issues already exist, saying “malicious traffic had been spotted” coming from the user’s computer, according to Howard. The script may include other phrases designed to panic the user, such as “junk and infected files”, or “destroy software, Windows and important files on my computer”.

Once the users are convinced there is something wrong with their PCs, they are sold security software that would “clean up the problem”, or it may request remote access in order to fix the issues. Cyber-criminals later exploit the backdoors the software creates, said Cluley. The downloaded file may just be a fake antivirus, or it could be more malicious and allow the criminal to take over the computer, said Cluley.

Even though the caller “just incurred an unexpected support expense”, the caller ends up feeling “relieved”, wrote Paul Ducklin, the head of technology for Sophos in the Asia/Pacific region.

Fake antivirus and malware distribution is a lucrative business, with security researchers estimating revenues of more than £65 million a year. Considering the financial rewards, scammers investing in the call centre to drive more sales is “clearly justifiable”, wrote Howard.

“Use your common sense,” said Cluley. “Users need to think about why Microsoft or some other big company would bother calling people individually to offer free support. It would be too expensive.”

However, the scam is made more effective by the fact that some companies and ISPs do call users when they notice a problem. Ducklin said users should hang up on these calls and, if they want to verify if the call was legitimate, they should call the company back on a published number.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

View Comments

  • Just had one of those call. Person barely speaking English was Reading from a script (obvious) insisted the server was blinking telling us of a confirmed infection issue. Was asked to switch my computer on and to open files off-line, Which I chalanged and refused. He then became forcefull to the point of being rude. When I asked if they called everyone,he answered that they were working in our area. This rang bells to me and put the phone down. I hope the more naive people can be made aware of these tactics.
    This website is great in allarming us of new scams. Thank you

Recent Posts

Google Ordered To Pay $43m By Australian Court

Search engine Google fined $43 million by Australian court for tracking Android users location data…

1 day ago

Hacker Touts Data Sale Of 48.5m Users Of Covid App – Report

Personal data of 48.5 million Chinese citizens who used Shanghai's Covid App, is being offered…

1 day ago

Facebook Tests Default End-to-End Encryption For Messenger

Privacy move. Platform tests secure storage of people's chats on Messenger, in a move sure…

1 day ago

UK’s CMA Begins Probe Of Viasat Acquisition Of Inmarsat

British competition regulator the CMA, begins phase one investigation of $7.3 billion merger between Inmarsat…

2 days ago

Cisco Admits ‘Security Incident’ After Breach Of Corporate Network

Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…

2 days ago

Google Seeks To Shame Apple Over RCS Refusal

Good luck convincing Tim. Google begins publicity campaign to pressure Aple into adopting the cross…

2 days ago