Scammers are now using links in phish-like emails to lead potential victims to fake tech-support sites.
The new tactic, noticed by Microsoft’s Malware Protection Center, marks an evolution in bogus tech-support scams that allows criminals to cast a wider net in search of fraud victims.
Historically, tech-support scams have cold-called targets. But more recently they have used a combination of malicious ads that automatically redirect victims to a bogus tech-support page, and malware that displays a fake Blue Screen of Death (BSOD) or other bogus Windows security alerts.
Online criminals meanwhile have long used mass email to spread links to bogus online bank and email login pages to phish credentials.
Tech-support scammers are now using nearly identical techniques, sending email purportedly from well-known brands such as LinkedIn, Alibaba, and Amazon. The email pretends to be an invoice, canceled order or social-media message that contains dodgy links hidden in seemingly harmless text.
“However, instead of pointing to phishing sites designed to steal credentials, the links lead to tech-support scam websites, which use various scare tactics to trick users into calling hotlines and paying for unnecessary ‘technical support services’ that supposedly fix contrived device, platform, or software problems,” explain Microsoft malware protection researchers Alden Pornasdoro, Jeong Mun, Barak Shein, and Eric Avena.
The links in the email generally point to a compromised website that, as with existing tactics, automatically redirects visitors to the scam site. Once there, visitors face a range of social-engineering techniques, such as bogus security-alert popups, to convince them to call the fake support call center.
One advantage of using phishing email, as Microsoft notes, is that it allows scammers to cast a wider net in addition to existing tactics.
Microsoft’s data indicates that three million users each month are exposed to tech-support scams, with most of those affected coming from wealthier nations including the US, UK, Canada, Australia, France, and Spain.
The most widespread tech-support scam malware is known as TechBrolo, which Microsoft calls “support-scam malware on steroids”, thanks to its use of a looping dialog box that effectively locks the browser, and an audio file that describes the supposed problem and urges the user to call a support number.
Microsoft notes Windows 10, Outlook.com, Edge, and Exchange Online Protection have a number of features that combine to block tech-support scams and threats targeting the inbox.
Edge can also stop dialog loops by allowing the user to prevent a specific page from creating more pages. Microsoft is also working on a feature for Edge that allows the user to close the browser or specific tabs when there is a popup or dialog message.
Finally, it’s worth noting that Microsoft doesn’t proactively reach out to users to offer unsolicited tech support. However, users can contact Microsoft via its real support page.