Victims Lured with Fake Antivirus Billing Emails by Tech Support Scammers
Scammers Impersonate Microsoft, McAfee, And Norton Representatives to Target Users with Fake Antivirus Billing Renewals in A Large-Scale Email Campaign.
Every once in a while, most people browsing the web have fallen victim to tech support scammers. In most cases, they are redirected to a tech support scam website that pretended their computer is infected and then persuades them to dial a displayed phone number.
Fraudulent tech support scammers are well-known for taking advantage of unsavvy computer users by reeling them in with such scare tactics and charging large amounts of money for fake services.
In most cases, these threat actors sell free security products (or straight up pirate them) for hundreds of dollars more than their actual retail price. Security vendors may not be aware of these practices let alone what kind of sales tech support scammers use to force those sales.
Image Source: BleepingComputer
In general, these scams are widespread on sites using low-quality ad networks, but it is far less common to receive them via email.
According to BleepingComputer and Vade Secure’s Regional SOC Manager Nicolas Joffre, the new email tech support scam started in March. At first, there were low volumes of email but quickly the numbers went as high as 200,000 emails in a single day. Since the scam started, Vade Secure has filtered over 1 million of these emails targeting their customers.
The emails pretend to be billing notices from Norton Lifelock, Microsoft, and McAfee that state the recipient will be charged between $350 to $399 for a three-year subscription unless they call to cancel the subscription. While threat actors constantly change the email subjects, they all impersonate a well-known security company.
Image Source: BleepingComputer
Tech support scammers hope that the recipient will call the number to be tricked into giving remote access to their computer.
As users dial the included phone numbers, the scammers install remote access software that threat actors will use to install malware on the computer.
How to Stay Safe
The best protection against tech support scams remains user awareness and extreme caution whenever facing one of those fake warnings. The scammers’ one and only weapon is social engineering since they rely on people believing their made-up stories. If you are able to spot fake alerts and pop-ups, stay away from them and do not call the toll-free number.
If you are interested in helping out in preventing email fraud, please write down the URLs, phone numbers, and other details you are able to grab (screen captures also help). These can be reported on various forums to help shut down those scammers’ distribution points and help law enforcement go after them.
For more details on how to recognize email fraud and how to stay safe from such attacks, make sure you check my colleague Elena’s guide on How to Report Email Fraud.