ISPs another vector for tech-support scams

Article

Tech support scams target victims via their ISP | BBC News

Fraudsters impersonate victims’ ISPs in new tech support scam | Graham Cluley Blog

My Comments

Previously, as I have known from close friends’ experiences, there have been the fake tech-support phone calls claiming to be from Microsoft or another major software vendor. This was with me congratulating a person who wasn’t computer-literate immediately hanging up on one of these calls along with someone else asking another of these scammers for their Australian Business Number (equivalent to a VAT number in Europe).

These scams have evolved to a pop-up message pretending to be from one of the major software firms but asking them to call a number listed on that message. Typically this comes in the form of a virus or pirated-software alert as the message and some of these messages even appear on the lock screen that you normally enter your password.

Now the messages are appearing to come from ISPs, typically the ones who have most of the Internet business in the US, UK and Canada. But this is about the ISP detecting malware on the customer’s system with a requirement to call a fake customer-support number.

In this case, they identify a customer’s ISP based on a “spy pixel” ad on a site infected with malware or a “malvertisement”. The ads are typically served through large ad networks offering low-risk advertising products. This is used to identify the customer’s “outside” or WAN IP address which effectively is the same for all computers accessing the Internet from the same router.

Here, most residential and small-business Internet services have this IP address automatically determined upon login or at regular intervals and is obtained from a pool of known IP addresses that were assigned to that ISP to give to their customers. There is logic in the malware used to identify which ISP a customer is with based which IP address pool the IP address is a member of.

In these cases, call the ISP using the number they have provided you for technical support: typically written on their own Website which you should type in the URL for; written on any documents that you receive from them like accounts or brochures, as part of doing business with them; or by looking them up in the phone book. As well, don’t give any account numbers or personally-identifiable information to unsolicited approaches for technical support that you are not sure about.

But in all cases, you are most likely to initiate the call for personal or business tech support yourself when you need this support because you know your computer and network and how these systems perform. Typically you will approach one of the computer experts in your community, your workplace’s IT department if they have one, or your computer supplier for knowledge or assistance.

Send to Kindle

Leave a Reply


: Please copy the coloured text above