Tech support scammers are targeting mobile users, researchers say

The US Federal Trade Commission also reported scams offering refunds for bad tech support service

Scammers have devised new ways to trick users into revealing personal information, handing over control of computers and paying for unnecessary software and tech support services, security experts warn.

Researchers from security firm Malwarebytes recently came across a tech support scam targeting smartphone and tablet users, and the U.S. Federal Trade Commission warned consumers earlier this month about scams offering tech support refunds.

Tech support scams typically involve scammers making unsolicited calls to users and posing as technical support specialists responding to malware infections or other problems allegedly detected on their computers. This type of cold-calling scam has become common in recent years, especially in English-speaking countries, and prompted warnings from consumer protection groups, government agencies and security companies.

The scammers use professional and technical language to gain users' trust and ask them to download and install remote access programs on their computers. They then connect to those computers and open various system utilities like the Windows event viewer or registry editor to show victims errors in an attempt to prove their computers have a problem.

The goals of these scams can be to enroll victims in unnecessary tech support services, trick them into buying useless security software, install malware on their computers, or steal their credit card and personal information.

Tech support scammers have targeted both Windows and Mac OS X users in the past, but it seems they are now expanding into the mobile market space.

"Companies involved in these scams can use one of two methods (or both) to reach out to potential victims: cold calling and/or online advertising," said Jerome Segura, a senior security researcher at Malwarebytes, in a blog post Monday. "While paying for ads requires a certain budget, ads have the advantage of funnelling higher quality prospects because people are actually already experiencing an issue."

Segura recently searched for "Android slow tech support" on Bing from his Android tablet and the first two sponsored results -- paid ads -- led to sites from companies offering tech support for tablets and smartphones. He called the toll-free number listed on one of the sites and, according to him, what followed was clearly a tech support scam.

The alleged support technician asked Segura to connect his phone to his computer and then install remote access software on the PC so the technician could access the phone. After connecting through the software and browsing through the internal storage of the phone, the technician claimed a malware infection on the PC was actually causing problems on the whole network and affecting the Android phone when using Wi-Fi.

He then claimed a file called rundll32.exe, which is actually a legitimate Windows system file, was the problem and said it had also been installed on the phone. From a technical point of view, this doesn't make sense since Windows executable files can't run on Android.

"It's quite hard to keep your composure when hearing such blatant lies," Segura said. "It's not that the technician is poorly informed but he is in fact fully aware of what he's doing and yet does not have a problem with it at all."

The technician then proceeded to delete some files from the Windows Prefetch folder and then restored them using a keyboard shortcut, claiming this was a sign of the infection reappearing. He then told Segura that he needed to buy a 12-month tech support subscription that cost US$299.

"The scary thing is that many people that aren't too tech-savvy will believe these words at face value and end up paying several hundred dollars for dubious services from rogue technical support companies," Segura said.

While in this particular case scammers used online ads to target smartphone and tablet users, Segura believes they will most certainly use unsolicited phone calls as well. They might also ask users to install remote access software directly on their mobile devices in the future, he said.

Segura's report comes after the U.S. Federal Trade Commission warned consumers about a different scam targeting users who might have previously been tricked by tech support scammers.

It involves scammers calling users and offering them refunds for unsatisfactory tech support service, Nicole Vincent Fleming, a consumer education specialist at the FTC, said in a blog post Jan. 3. There's also a variation where refunds are offered because the tech support company is going out of business, she said.

The goal is to trick users into providing their bank account information in order to process the refund.

"They might say that you need to create a Western Union account to receive the money," Vincent Fleming said. "They may even offer to help you fill out the necessary forms -- if you give them remote access to your computer. But instead of transferring money to your account, the scammer withdraws money from your account."
