Fake tech support stings are on the rise, but moreover, fraudsters are now managing to make their scams seem more legitimate.
These sort of scams – which can be carried out by phone, or online – are getting more sophisticated in the latter case, security company Malwarebytes has observed.
New variants have been spotted in both the UK and US in which the criminals hit the potential victim's browser with what appears to be a genuine pop-up message from the target's ISP. And crucially, the fraudsters get that ISP correct, making the target more likely to fall for the scam.
The scammers can glean information about the victim's service provider from malware-toting online ads which can be used to sniff out their IP, and subsequently work out their ISP.
Malwarebytes says it has seen false web pages – which give out warnings of detected malware and a number to call for 'help', i.e. to have your machine compromised – purporting to be from TalkTalk and BT in the UK, and Comcast and AT&T over in the US.
After discovering one of the false pages, Jerome Segura, Lead Malware Intelligence Analyst at Malwarebytes, told the BBC: "It caught me by surprise and I almost thought that it was real. It was a page from my ISP telling me my computer was infected. It was only when I looked in closer detail that I saw it was a scam."
Of course, you should always be wary of any message that pops up telling you about a virus infection, as this is the most common way for fraudsters to grab people's attention and get them to panic and take 'action' without thinking.
With any communication supposedly from your ISP, just like anything from your bank or similar, you should check its legitimacy separately and directly with the source, and not the link or phone number provided in the message (as obviously that's part of the sting).
Although sometimes getting through to your ISP on the phone to verify things can be problematic, as the report notes in the case of BT. But that's another issue entirely…
While we haven't come across this particular online scam with a false web page, we've certainly received a number of cold phone calls claiming that our Windows machine has a virus. Telling them that you're confused because you have a Mac which runs OS X, not Windows, tends to work quite well, and the phone line inevitably goes dead instantly.
At any rate, these days you should always bear in mind that scammers are most certainly out there, and apparently getting more brazen when it comes to online stings.