Security firm Malwarebytes has shared details about an innovative spin on the age-old tech support scam that is tricking some of its unsuspecting users into losing control over their computers.
The fraudulent campaign begins with fake renewal invoices with a high enough amount to make readers take notice. Malwarebytes caught on to the grift when the fraudsters began using the name of its own malware removal products in the invoices.
“This particular scheme has been very active for the past few months and it is difficult to estimate how many people fell victim to it,” says Malwarebytes in a blog post as it shares extensive details about the campaign.
The objective of the fraudulent email is to grab the attention of innocent users, making them call the helpdesk numbers to dispute the charge.
During the call, the scammers ask the victims to download remote desktop access apps such as TeamViewer. They then sweet-talk the victims into sharing their credentials, which they use to commandeer the machine. They also install another program (SupRemo), which allows them to re-establish the remote connection without needing further details from the victims.
Malwarebytes unraveled the modus operandi of the scammers by playing victim to the scam, leading them into a virtual machine designed for scambaiting operators of such tech support scams.
According to Malwarebytes’ analysis, this particular scam is being run out of New Delhi, India. They’ve also shared other details, including screenshots of the fake invoices as well as the tech helpdesk numbers.