Scam as a service 2: the B team

Tech Support Spam Plague LinkedIn and Other High-Traffic Sites

To our readers, consider this a heads-up.

It has come to our attention that technical support spammers have been shamelessly marketing their “services” on LinkedIn by taking advantage of the social network’s generally free features.

We believe that whoever was behind these campaigns created fake, bare-bones accounts, such as the one below, which they then use to create group accounts.


click to enlarge

These group accounts then serve as an advertising platform to get potential clients to dial those numbers or entertain callers coming from them. Below are screenshots we’ve captured on some of the groups we found via a simple search:

These posts purportedly cater to companies in the anti-virus (Norton, Kaspersky, AVG), email (Outlook, Hotmail), and telecommunication (Comcast) industries and others.

We did some more digging on the web for the phone numbers posted and found that the spammers went beyond LinkedIn, too. Below is a screenshot of some of the results we got:


click to enlarge

Social networks that target a variety of users, such as Facebook, YouTube, PinterestQuora, and others that welcome free public postings, were also made into inadvertent launchpads for supposed technical support campaigns.

Below is the collated list of phone numbers we’ve seen so far. We strongly advise readers to never call or accept calls from them. We also remind you that the numbers and URLs (further below) are posted here for reference purposes and proactive blocking or blacklisting on your end only: 1-800-231-8174 1-844-695-5369 1-844-449-0455 1-855-482-6468 1-844-952-7360 1-888-399-9656 1-855-867-5844 Some of the phone numbers are tied to sites claiming to be valid technical support service sites. We looked into them, as well. Screenshots below:

These sites offer resolutions to email issues, such as locked accounts, forgotten passwords, and deleted emails (among others) – generally, concerns that the email providers themselves can address for free for any of their users.

Enlisting the help of a third-party that is not related to the service you’ve signed up for can potentially be seen as a violation of the TOS of that service. Providers like Gmail prefer that users with account concerns address the matter themselves with the aid of guides and options provided to them. Not only that, having a third-party assist you in getting back access to your account also gives them the privilege to access said account, which is something we don’t want.

Below are some of the URLs related to the spam campaigns: hxxp:// hxxp:// hxxp:// hxxp:// hxxp:// As of this writing, both hotmailsupportinfo[DOT]com and gmailaccountpasswordrecovery[DOT]com are already down. Short lifespan of a URL in relation to these kinds of services can be seen as a potential red flag.

To find out more about how to keep yourself safe from potential tech support dangers online, visit our resource page.