Crooks are making millions of dollars defrauding unsavvy users with fake online tech support. The scam is simple but yet effective and has gone through many variations over time.
We've documented several tricks and fake alerts on this blog, in particular those that lock the user's browser with fake warnings and audio alerts.
Scammers can be very creative, simulating the Blue Screen Of Death (BSOD) or even stealing templates used by security companies.
In their latest iteration, the tech support scammers are going for maximum shock effect by locking people's browser with a nasty collage of hardcore pornographic pictures in the background.
Figure 1: A disturbing set of hardcore pornographic pictures with a "System At Risk" warning.The page at pc-care365.net/Alert.htm reads:
System At Risk!! Due to Suspicious activity detected on the computer, Critical errors have been found. Error Code - S1L457. Call customer technical support and share this code with the agent. Customer support number- 1-844-709-0775 Call Customer Technical Support at 1-844-709-0775 and share this code with the agent.These pages and pop-ups always seem to come out of the blue, as you simply browse the net. Then, getting rid of them via the conventional close button is nearly impossible.
Figure 2: The alert message abusing the 'alert()' methodSome users might just be frightened to see that their computers could have a bad virus and that they might lose all of their data. Others, desperate to close the page, will call the support number provided on the pop-ups.
Going for pornographic material is not entirely surprising. Traditional ransomware has done that long ago already in some cases going as far as displaying child pornography on the user's device.
This tactic can be quite effective since anyone caught with this on their screen will most likely feel embarrassed enough not to reach out for help with a friend or IT guy, and instead follow the on-screen instructions which involve calling a toll-free number.
Unfortunately, the toll-free number will redirect to one of many boiler rooms filled with agents often pretending to be Microsoft Support. They will ask the victim to download a program that will allow them to remotely access and control the computer.
Figure 3: The remote technician does his sales pitch, not really bothered by what's on screenWhat follows next is the typical snake-oil sales pitch (your computer has viruses, infections, etc.) for a pricey and bogus online 'Microsoft support service'. For the unlucky ones, identity theft and destruction of their data and computer can also happen.
Please check out our online resource page for assistance and tips when faced with tech support scams.