
Support Scams: Splashes in the Phish Pool

Posted by on October 21, 2015.

Dan Goodin wrote yesterday for Ars Technica that “Support scams that plagued Windows users for years now target Mac customers”, complete with a Malwarebytes screenshot of a fake Safari alert. In fact, Malwarebytes has been reporting for quite a while on the way support scammers have added pop-up alerts to their armoury, although I still see plenty of reports of the classic cold-call-from-‘Microsoft’ version of the scam. The advantages (to the scammer) of this evolution include:

  • The scammer can wait for the victim to call the number given in the ‘alert’ rather than spend time cold-calling the somewhat over-phished pool of potential victims
  • Because the ‘problem’ is right there on the victim’s screen, the scammer doesn’t have to spend more time trying to ‘prove’ that a problem exists by misusing and misinterpreting Windows utilities such as Event Viewer
  • Best of all (for the scammer), the scam is multi-platform. We’ve seen it targeting users not only of Windows, but of OS X, iOS, Android and Linux. In other words, a whole new phish pool.

However, Goodin’s story was based on a new article by Jérôme Segura, “Tech Support Scammers Impersonate Apple Technicians”. Jérôme has shared lots of interesting information about this scam – he’s doing much more research on it nowadays than I am – but perhaps the most interesting aspect of this particular attack is that it relies on a classic phishing technique: a scam site registered as ara-apple.com, obviously intended to masquerade as Apple’s real ara.apple.com support site. Jérôme says that Malwarebytes has contacted the registrar (GoDaddy) and hosting provider (Liquid Web). At the time of writing, however, the fake page is still accessible and presenting links to remote access utilities (TeamViewer and ISL Light Client), as well as the all-important links for processing your payments to the scammer.
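A defensive check for the hyphen-for-dot trick described above, as an added example (not code from the original article or from Malwarebytes): a host counts as trusted only when it really sits under the trusted registrable domain, and is flagged when it merely spells the trusted name with different separators. The `TRUSTED` table and all function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: trusted hosts and their registrable domains, maintained by hand.
TRUSTED = {"ara.apple.com": "apple.com"}

def hostname_of(url_or_host):
    """Lower-case hostname taken from a URL or a bare hostname."""
    s = url_or_host.strip().lower()
    if "//" not in s:
        s = "//" + s  # let urlsplit treat a bare hostname as the netloc
    return (urlsplit(s).hostname or "").rstrip(".")

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)

def contains_run(tokens, run):
    """True if the list `run` appears as a contiguous slice of `tokens`."""
    n = len(run)
    return any(tokens[i:i + n] == run for i in range(len(tokens) - n + 1))

def classify(url_or_host):
    """Return 'trusted', 'lookalike:<imitated host>' or 'unrelated'."""
    host = hostname_of(url_or_host)
    if any(belongs_to(host, d) for d in TRUSTED.values()):
        return "trusted"
    # Treat '.' and '-' as the same separator, so ara-apple.com and
    # ara.apple.com both become ['ara', 'apple', 'com'].
    tokens = re.split(r"[.-]", host)
    for trusted_host in TRUSTED:
        if contains_run(tokens, re.split(r"[.-]", trusted_host)):
            return "lookalike:" + trusted_host
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample input; only ara-apple.com comes from the article.
    for sample in ["https://ara.apple.com/", "http://ara-apple.com/",
                   "ara.apple.com.example.net", "www.example.org"]:
        print(f"{sample:30} {classify(sample)}")
```

The same comparison also catches the trusted name used as a subdomain prefix of an unrelated domain, which goes slightly beyond the single case in the article.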


Malwarebytes maintains a useful support-scam-related resource page, and I maintain another at AVIEN, though mine is mostly summaries of and links to articles (by me and others). I’ve also published several papers on the topic at ESET (sorry for the plug, but that is where I do most of my writing!):

David Harley

 

One thought on “Support Scams: Splashes in the Phish Pool”

  1. Lite Brite on said:

    It is essential to keep all aspects of your business safe, both physically and digitally. We’ve got the physical part covered, and are so thankful there are experts like you out there to share information and keep our clients’ online reputations as safe as possible. Thanks for the warning post.


Submitted in: David Harley