We have all received a fake tech support call from someone claiming to be a Microsoft employee. Now there is a new twist on the scam involving a fake screen pop-up and tech support fakers who claim to be from your Internet service provider. Google has an extensive collection of fake tech support pop-ups; these are all fake. Take a look.
We have reported on this issue several times in this blog. Like here and here and here. Or here. I have written quite a bit on this subject, because people I know and care about, clients, family members, friends, continue to fall for this exploit. I don’t know why someone who can successfully ignore the “Check Engine” light in their car for thousands of miles will panic and immediately respond to and fall for these kinds of alerts. Next time, take a deep breath, convince yourself it is probably fake, and call your own tech support first.
This has been reported by the FBI on the IC3 website, and by tech blogger Graham Cluley. If you want more details, click through to their posts.
The current scam starts with a very realistic screen pop-up that looks like your ISP would have sent it. How do the scammers know who your ISP is? It starts with an infected advertisement on a legitimate website. When you visit the website, the ad will download a malware application that captures your IP address. Since your ISP assigned your IP address from a block that they have been assigned, and since those assignments are public information, it is easy for the attackers to figure out your ISP. You can do it yourself at www.whatismyIP.com. Look at line 4. See how easy it is?
Then they deliver a realistic-looking page similar to the one above, but customized for your actual ISP. So if you use Comcast, it will appear to be from Comcast, with the Comcast logo and colors.
If you call the number, a helpful foreign call-center “tech” will explain your “problem” and claim to fix it. You will be asked to pay a fee of $300 or more. If you refuse, you will find that they have installed a screen lock on your computer, so the next time you start your computer, the screen lock will display the phone number again, and you will need to pay them to get the screen lock password. At this time there does not appear to be a way around it other than to wipe the drive and reinstall everything.
Your defense is suspicion, doubt, and refusal to play the game. You should contact your ISP directly using the phone number on their website or invoice, and ask if they are providing this service. Better yet, if you have a relationship with a computer support company, or your business has its own IT department, run the error message past them. Under no circumstance that I can think of should you ever trust your computer to a total stranger, especially one that is obviously in a foreign country. Let’s be smart about tech support scams.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com