Tech Support Scammers Lure Victims With Fake Antivirus Billing Emails


Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign. 

While browsing the web, most people at one time or another have been redirected to a tech support scam web site that pretends your computer is infected and then prompts you to dial a displayed phone number.

Traditional browser-based tech support scam

These scams are widespread on sites using low-quality ad networks, but it is far less common to receive them via email.

In discussion with Nicolas Joffre, Regional SOC Manager at email security firm Vade Secure, BleepingComputer learned that the new email tech support scam started in March.

This scam began with low volumes of email but quickly escalated into volumes as high as 200,000 emails in a single day. In total, since the scam started, Vade Secure has filtered over 1 million of these emails targeting their customers, as shown by the graph below.



The volume of email for current tech support email scam
Source: Vade Secure

The emails pretend to be billing notices from Norton Lifelock, Microsoft, and McAfee that state the recipient will be charged between $350 and $399 for a three-year subscription unless they call to cancel the subscription. The threat actors constantly change the email subjects, but they all pretend to be a billing subscription from a well-known security company.

As you can see below, one of the tech support scams pretends to be from Norton Lifelock and states that the recipient will be charged $349 for a three-year subscription unless they call the included number to cancel it.

Norton Lifelock tech support scam email
Source: Vade Secure

As these are fake billing notices, the hope is that the recipient will call the number to be tricked into giving remote access to their computer.

When users call the included phone numbers, the scammers install various remote access software, which the threat actors then use to install malware on the computer.

The tech support scam

After learning about the scam, BleepingComputer had to give the included phone number a call to see how these scammers are operating.

When we called the number and told the scammer that we received a Norton subscription notice but do not have the software installed, they quickly asked what security software we use.

When we said we used Windows Defender, they quickly pretended to be from Microsoft and said they would charge over $300 for the subscription unless we cancel it.

To cancel the subscription, we needed to visit the 1800support.weebly[.]com site, which pretends to be a BestBuy Geek Squad support site.

Fake BestBuy GeekSquad support site
Source: BleepingComputer

From there, we were walked through the downloading of the AnyDesk remote access software and told how to enable it for unattended access. Once the scammer took over our computer, they transferred a fake “Sonicwall Approved by the NSA” scanner, as shown below.

Fake SonicWall scanner
Source: BleepingComputer

This program was meant to scare the target into thinking they were infected with something really dangerous and to allow the scammer to continue installing additional software, such as TeamViewer, and to collect personal information.

In reality, the above scanner is nothing more than a batch file that shows the output of the wevtutil.exe command clearing the target’s Windows event logs.

Batch script powering the fake scanner
Source: BleepingComputer
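
A defender-side check for the sequence described above, as an added example that is not from the original article: it scans process-creation records for `wevtutil` clearing an event log and raises the severity when that follows an AnyDesk or TeamViewer start on the same host. The record layout (modelled on Sysmon Event ID 1), host names, paths, timestamps and the 30-minute window are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation records (fields modelled on Sysmon Event ID 1);
# hosts, paths and timestamps are invented for this example.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T14:02:11", "host": "PC-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\Downloads\AnyDesk.exe", "cmdline": "AnyDesk.exe"},
    {"time": "2024-01-10T14:09:40", "host": "PC-01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wevtutil.exe", "cmdline": "wevtutil.exe cl Application"},
    {"time": "2024-01-10T14:09:41", "host": "PC-01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wevtutil.exe", "cmdline": "wevtutil.exe cl Security"},
    {"time": "2024-01-10T14:15:03", "host": "PC-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\Downloads\TeamViewer_Setup.exe", "cmdline": "TeamViewer_Setup.exe"},
    {"time": "2024-01-10T09:00:00", "host": "SRV-02", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wevtutil.exe", "cmdline": "wevtutil el"},
    {"time": "2024-01-10T09:05:00", "host": "SRV-02", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wevtutil.exe", "cmdline": "wevtutil cl Setup"},
]

REMOTE_TOOLS = ("anydesk", "teamviewer")  # tools named in the article
# "cl" / "clear-log" clears a log; "el" only enumerates logs and must not match.
LOG_CLEAR = re.compile(r"\bwevtutil(\.exe)?\"?\s+(cl|clear-log)\s+(\S+)", re.I)

def detect(events, window=timedelta(minutes=30)):
    """Flag event-log clearing; severity is high when it follows a
    remote-access tool start on the same host within `window`."""
    last_remote = {}  # host -> (time, tool name)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        name = basename(ev["image"]).lower()
        tool = next((t for t in REMOTE_TOOLS if t in name), None)
        if tool:
            last_remote[ev["host"]] = (when, tool)
            continue
        m = LOG_CLEAR.search(ev["cmdline"])
        if not m:
            continue
        seen = last_remote.get(ev["host"])
        chained = seen is not None and when - seen[0] <= window
        alerts.append({"host": ev["host"], "time": ev["time"], "log": m.group(3).strip('"'),
                       "severity": "high" if chained else "medium",
                       "after_tool": seen[1] if chained else None})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Windows itself also records a cleared log as Security event 1102 and System event 104, which can serve as a second signal when command-line logging is not enabled.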

After the tool finished, the scammer asked us to open a Notepad window and input our name, address, phone number, and date of birth, which the scammers told us was needed to process the antivirus subscription refund.

While filling in some nonsense info, they began installing TeamViewer in the background and configuring it for unattended access to our computer.

As this process took too long to complete and was, surprisingly, conducted by a very rude scammer, we disconnected from AnyDesk.

While BleepingComputer did not wait to confirm this scam’s full outcome, Vade Secure believes that this collected personal information is sold to other threat actors for their own attacks. They also believe TeamViewer access will be used later to install malware or enlist the device into the threat actor’s spam botnet.


Unfortunately, many people fall for these scams and provide threat actors remote access to their computers. Sadly, it is even more common for older people to fall for this scam as they may not have much experience with computers and are told attackers are trying to drain their bank accounts.

The best line of defense against scam emails is never to call a phone number included in an email stating that you owe money. Instead, you should visit the company’s site and contact the number listed there to confirm if an email is valid or not.

Even more importantly, no legitimate company will require you to give them remote access or ask you to download software to process a refund.

As soon as a person tells you to do that, you should immediately consider it a scam and hang up the phone.
