Week 41: Fake support scams – now with phishing

15.10.2024 - In fake support scams, criminals pretend to be from an IT company – such as Microsoft – in order to convince their victims to give them remote access to their computers. In a new type of fake support scam that has recently been reported to us, the scammers also try to get hold of the victims’ login details.

In typical fake support scams, the scammers call random people and pretend to be from an IT company. They may tell you that malware has been found on your computer and, in order to remove it, request access to your device. If you comply, the scammers steal your money or banking details, or install real malware on your computer.

In another form of this scam, your browser may suddenly lock up while you are surfing the web, and display a message saying that you are unable to access your computer because of malware. You are instructed to call a hotline – usually a Swiss number – which is displayed repeatedly and sometimes in a very aggressive way. You may also hear a voice over the loudspeaker, warning you of the supposed problem.

Fake screen lock pages are triggered either by manipulated ads or by hacked websites. When you access a website, dozens of other websites that provide additional content may also load in the background. By manipulating one of these other sites, scammers can insert their own content – for example, a fake screen lock message. In most cases, however, neither the browser nor the computer is actually locked. The supposed problem can be easily solved by simply closing the browser or restarting the computer.

If you call the number displayed on your screen, the scam will unfold in the same way as any standard fake support scam: the criminals will ask you to give them remote access to your device so that they can remove the supposed malware. Their aim, as usual, is to steal your money or bank details, or to install real malware on your device.

A new twist to this scam was reported to us last week: in addition to a lock screen and a number to call, a box appears for you to enter your username and password. It seems that the scammers are trying to expand their business with this approach.

A typical fake support scam lock screen with additional username and password fields.

We have not been able to determine what exactly happens to the data entered into these fields. The scammers may be selling the information on the black market for a bit of extra money. Or they could be using it as part of the scam, when a victim calls their bogus support number. For example, the fake support rep could feed the victim's login details back to them in order to ‘prove’ to them that their computer has been hacked.

Recommendations

  • Do not call the number displayed;
  • Close your browser or restart your computer;
  • Do not give anyone remote access to your computer; if you do, your computer could be infected;
  • If you have given someone remote access to your computer, contact a specialist immediately to have your computer checked for malware.

Be sceptical if you receive phone calls or see messages on websites that require action on your part and that carry a threat of consequences (loss of money, criminal charges or criminal proceedings, blocking of an account or card, missed chance, misfortune) if you do not do what is required.

Last modification 15.10.2024

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2024/wochenrueckblick_41.html