Google, Facebook, Twitter and AOL have joined forces to stamp out fake tech support services where customers are fooled into calling bogus technical support lines, where they are encouraged, not to fix their comptuer, but to install malware - or give away details crucial for identity theft.
PC Advisor reports that the new organization, TrustInAds, found more than 4,000 suspicious advertiser accounts linked to 2,400 “tech support” websites.
“Among the legitimate online ads offering valuable tech support services to consumers are some from bad actors attempting to prey on unsuspecting internet users,” said Rob Haralson, Executive Director of TrustInAds.org.
“These bad actors, often highly sophisticated, go to great lengths to hide under the radar from the manual reviews and automated filtering technologies used to catch fraudulent ads.” The move comes in the wake of a Senate report on malicious advertising, which advised that technology giants should take a more active role in preventing it, as reported by We Live Security here.
Although the numbers of such scams were small, compared to other internet threats, the impact was large, Harrison said. “These scam advertisers were often presenting themselves as official representatives of companies of the products for which the users were needing support, and having them download and install special software as the initial step to solving their issue. The downloaded program - unbeknownst to the user - contained malicious software with viruses, spyware, adware, keystroke loggers and other harmful applications.”
ESET’s David Harley reports on a wide variety of these damaging scams - and says that the criminals are using more sophisticated techniques, as in this 2014 scam reported here, where Harley says the scammers pretend to be Netflix, rather than Microsoft, and use a dual technique where the victim is encouraged to download Netflix “Support Software” and speak to a Microsoft Certified Techniciian.
“These miscreants are trying harder than ever,” says Harley.
The new organization, TrustinAds, has a dedicated page with information on how to easily report tech support scams and other forms of malicious advertising to AOL, Facebook, Google and Twitter’s platforms.
Trust in Ads aims to publish regular reports warning advertising networks and government representatives about new scams, in regular Bad Ads Trend Alerts, published freely online as PDF files. A Bad Trend Alert dealing with tech support scams can be found here. It provides a very basic guide to how such scams work and offers (good) advice such as: “Never give your password over the phone. No legitimate company will ever ask you to provide your password to your account over the phone. Be suspicious when asked to download software. At no point should you be required to download a piece of software from a third-party tech support provider in order to solve your issue.”
ESET’s Harley has written extensively about such scams for We Live Security - his accounts of the various techniques used offer a deeper understanding of tech support scammers and their work.