You’re far more likely to be duped into disclosing confidential information if you think you’re speaking to a trusted party. This is the premise on which many a successful scam has been based.
Now it seems fraudsters are posing as legitimate internet service providers (ISPs) in the latest attempts to get hold of web users’ money and personal data.
The new scam, which has been discovered in both the US and UK, involves attackers using web pages and pop-ups containing the branding of their victims’ ISPs to offer bogus tech support via phone or online – ironically, the messages falsely claim the user’s device has been infected, and that assistance is necessary.
When the offer of help is accepted, victims are either tricked into downloading malicious software or persuaded to sign up for non-existent support services using a credit or debit card.
Be sure you know who you’re talking to
The scam is a new take on an older method which involved the attacker cold-calling victims to offer similar ‘help’, often while pretending to represent Microsoft. The online version takes things a step further, however, with the culprits using infected ad space on legitimate sites to determine links between IP addresses and ISPs. This way, victims can be targeted more effectively with the right branding.
US security company Malwarebytes said it first noticed pop-ups purporting to be from American and Canadian providers, such as AT&T and ComCast, although it also claims to have seen pages created with the branding of TalkTalk and BT – two of the UK’s most prominent suppliers.
Proving just how dangerous the scam can be, one of Malwarebytes’ consultants, Jerome Segura, admitted he was almost caught out by one of the pop-ups.
He went on to say: “Cold calls are very wasteful and after years of being told, people are starting to realise it is a scam so the scammers have to find new ways to make it personalised and legitimate. It is more cost-effective and efficient than cold-calling.”
BT has already moved to ease its customers’ concerns, saying it was currently investigating the issue.
