Wednesday, October 5, 2016

Online Scams Go Into Overdrive

by Merlin Benningfield, Managing Partner - Fast Rhino, LLC
Most of us have heard of the "Windows telephone scam," where cold callers pose as computer support technicians in order to gain remote access to your computer and then demand payment for useless "services". They use various tactics to intimidate and confuse in an effort to extract as much money as possible from their victims. Even though we still get several calls a month from people who fall victim to this trick, the majority of people are waking up to this type of scam... but are they really?

The traditional scam is simply being packaged in additional ways:

Look-A-Like Sites
Your printer doesn’t work, so you do a web search for “printer support” or you might even add the manufacturer’s name to your query.  Up pops a whole list of sites to choose from, each claiming to offer help for your printer. 

Many of these support sites pose as the official manufacturer’s web site. These “Look-A-Like” sites usually provide a toll-free number to call, which can also add to the deception.

You click on a link and call the number, and the person on the other end answers with a very official-sounding introduction: “Thank you for calling Epson Support, how may I help you?” So far, you think you’ve reached the right number, but these people are about to take you for a ride.

Keep in mind that this doesn’t just include printer support. We’ve had clients tell us that they’ve made the mistake of calling various “fake” companies for all kinds of support, be it AOL, Microsoft, routers, modems, Gmail, Office, etc., and the fact that our client initiated the phone call somehow reassured them that it wasn’t a scam. Unfortunately, the results turn out the same. Once they remote into your system, they'll begin the process of trying to extract money from you, and they'll stop at nothing, including holding your computer for ransom to get it.
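
As an added example (not part of the original article), the Python sketch below shows one way to check whether a support link from a search result really sits under the manufacturer's own domain or only borrows its name. The allowlist, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> domains the vendor actually operates.
# Illustrative only; confirm and maintain the real list yourself.
OFFICIAL_DOMAINS = {
    "epson": {"epson.com"},
    "microsoft": {"microsoft.com"},
}


def is_under(host: str, domain: str) -> bool:
    """True if host is the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a search-result URL.

    Heuristic only: it does not catch homoglyph (IDN) spellings of a brand.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unrelated"
    # Look for the brand anywhere in the authority part, so a brand placed
    # before an "@" (userinfo) is noticed as well as one in the hostname.
    authority = parts.netloc.lower()
    mentioned = [brand for brand in OFFICIAL_DOMAINS if brand in authority]
    for brand in mentioned:
        if any(is_under(host, d) for d in OFFICIAL_DOMAINS[brand]):
            return "official"
    # The brand name appears, but the host is not under the vendor's domain.
    return "lookalike" if mentioned else "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; the .example hosts are placeholders.
    for sample in [
        "https://support.epson.com/printers",
        "http://epson-printer-support.example/call-now",
        "https://support.epson.com.helpdesk.example/",
        "https://epson.com@helpdesk.example/",
        "https://printer-repair.example/",
    ]:
        print(f"{classify(sample):10} {sample}")
```

The point to notice is that the name that matters is the end of the hostname, not whether the brand appears somewhere in the address.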

Redirects & Script-Based Attacks
What we once knew as an innocent "information superhighway" has since turned into a minefield. The bad guys are uploading dangerous scripts to both hacked web sites and their own home-grown ones. Surprising as it may sound, using an unprotected browser to visit a web page can be all it takes to get infected.
You don't need to accept anything or download anything; by simply landing on an infected web page, your browser can get redirected to another site (without your knowledge), which then begins scanning your computer for any known vulnerabilities in your software or your operating system. If it finds an opening, it can potentially attack your system and infect it. This is the primary reason we recommend script blockers like NoScript and ScriptSafe.

Malvertising occurs when crooks hide exploits and malware inside of ads. Malvertising can be in the form of pop-ups, drive-by downloads, redirects, embedded content, etc. Malvertising can also simply instruct the user to perform an action that can be detrimental to their system, like calling a support number or downloading an infected file.

To put things in perspective, imagine for a moment that you are on your way to Phoenix, driving up Interstate 10. The speed limit is 75, so you're moving along at a pretty good clip. Up ahead, you can see a billboard on the right. As it gets within reading range, you notice what it says... "There's something wrong with your engine. Jump out of your car right now!" Now, many of you may have snickered a bit when reading this, because most of us are smart enough not to jump out of a moving car. But put us behind a computer and it seems our good judgment is nowhere to be found. For some reason, when the billboard is on a computer, people have a higher tendency to believe whatever instructions they are given.

The best remedy is to question everything.  Just because you saw it on the Internet does not make it legitimate.