MENUMenuIcon OUR STORY

SLASHNEXT LABS

THE KNOWLEDGE CENTER

BLOG

VIEW CATEGORIESHIDE CATEGORIES
SlashNext Labs SlashNext Labs

Technical Support Scam Making Auto Calls

February 12th 2018

Technical Support Scam Making Auto Calls

Technical support scams use scare tactics to trick gullible victims into believing that their computer has either crashed or that a virus has been detected on their computer. These scams try to lure victims into calling a fake technical support hotline which, if successful, can lead to telephone fraud. The goal is usually gaining remote access to the system and collecting sensitive user information. On top of that these scammers may ask their victims to pay for their fake support.

Once connected, agents may:

1) Install malware for remote access or data exfiltration;

2)  Disable endpoint protection or re-configure them to whitelist, trust or ignore tools that these scammers may want to use. According to Microsoft, three million people each month fall for these tech support scams and majority of those affected are from first world countries. At the top of the list are United States, Australia, Singapore, Canada and United Kingdom.

These tech support scams are not easy for a normal person to detect as the phishing tactics being used by these scams are quite sophisticated.

Usually a technical support scam would ask victims to call a Toll-Free number listed on the Phishing Page. However, our system has recently identified an attack that takes it to the next level. Instead of requesting victims to call a toll-free number, the page automatically launches the default calling application like FaceTime for Mac users. A nervous user is more likely to click on the call button instead of dialing a number manually, increasing scammers chance substantially. Once the call button is pressed a call is made to the data center run by these scammers.

The URL of this sophisticated technical support scam is shown below:

hxxp://technicaliossupport[.]info/indexb6c3.html

(where the xx and [ ] are inserted to protect the innocent)

Below is screenshot of the phishing page automatically opening the FaceTime calling app.

Another interesting trick being used by this phishing page is creation of a Java based html anchor tag. This tag appends a numeric string “5555555555” in a loop that runs 200000 times, creating a string millions of characters long. The JavaScript then attempts to render this anchor tag 6 times which effectively causes the browser (process) to halt. Unskilled users, who would likely not be able to even close their browser, are more likely to click/call for support.

The growing trend of creating Socially Engineered Phishing attacks, that are both malware-free (not file/object based) and exploit-free (not taking advantage of a specific software vulnerability) is a clear sign of rapid Threat Landscape shift where the use of Drive-By attacks is declining and being replaced by direct manipulation of internet users using phishing. Making matters worse when it comes to Phishing, delivery methodologies are abundant, user trusted entities are easily leveraged, and protection mechanisms are almost non-existent.

There are only two solutions to this growing problem. Either build computer programs that are intelligent and trained enough to understand the phishing intent and intercept these attacks in real-time, or attempt to train all internet users to the extent where they can detect hundreds of variants of these phishing attacks.

At SlashNext we think the first choice is clearly the only realistic option.

What’s your take?