Technical Support Scams Target Victims via Spam Emails
The Dreaded BSOD
Many users are familiar with the dreaded Bluescreen of Death, or BSOD, which appears when their computer decides to go haywire. These errors can be triggered for multiple reasons, such as hardware problems, driver conflicts, or memory issues. Resolving the problem often takes a bit of work to diagnose the issue, as rebooting the computer won’t always solve it.
The BSOD is a screen that none of us like to see, and it often causes our hearts to sink, as we tend to think the problem is very serious. This is why tech support scammers are using this tactic to trick victims into calling for help.
Fake Browser Bluescreens of Death
Recently, our CEO, Rob Cheng, received a very odd email which asked him to click on a link. Of course, being the technically savvy CEO that he is, he didn’t click on it, but had our research department look into what the link was doing.
The research team discovered that clicking on the link would redirect you to different pages, depending on which browser you are using.
When using either Firefox or Chrome, the URL took you to a page that tried to push “alternative medications”, called Geniux, which supposedly helps boost brain activity.
However, using Internet Explorer, the URL takes you to a fake bluescreen of death, and even plays an audible warning telling you that your computer is infected with malware.
In addition to the fake bluescreen of death, Internet Explorer users are blocked from exiting the page, because of a dialog popup. This popup cannot be closed, unless you forcefully exit the browser with Task Manager, or another process explorer tool.
We believe the reason they display the fake bluescreen of death only on Internet Explorer is the way Chrome and Firefox handle persistent popups. In Chrome and Firefox, the user can block the webpage from creating additional dialogs/popups.
If the browser is running on a Mac or an iPhone, the website will change to alert the user to contact Apple Care, instead of Windows Support. The miscreants do this to ensure they cover as much ground as possible, and trick the victim into calling for support. In the victim’s mind, they may be thinking that this alert is actually legitimate, since it knows that they are running a Mac computer, and not Windows. Unfortunately, at the time of writing this blog, the URL, shown below, was not available.
As the fake tech support scam websites are reported to the hosting companies and Domain Name Registrars for abuse, tech support scammers are making sure they spread the webpages, by cloning the website and uploading it to a new domain name.
In the screenshot above, we can see that the miscreants used a tool called HTTrack Website Copier to mirror a copy of an existing fake tech support scam from “system-checker-51.nl”. However, if you go to this site today, you will see that it has since been taken down.
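HTTrack leaves a "Mirrored from" HTML comment in the pages it copies, so cloned scam pages can be grouped by the site they were copied from. The Python below is an added example, not code from the original post; the clone domains, the timestamps and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of the comment HTTrack writes into each page it mirrors.
MIRROR_RE = re.compile(
    r"<!--\s*Mirrored from\s+(?P<source>\S+)\s+by HTTrack Website Copier/"
    r"(?P<version>[^\s,]+)(?:\s+\[[^\]]*\])?\s*,\s*(?P<when>[^>]*?)\s*-->",
    re.IGNORECASE,
)


def httrack_origins(html):
    """Return (origin_host, origin_path, httrack_version, timestamp) tuples."""
    found = []
    for m in MIRROR_RE.finditer(html):
        # Drop an optional scheme, then split host from path.
        source = re.sub(r"^[a-z]+://", "", m.group("source"), flags=re.I)
        host, _, path = source.partition("/")
        found.append((host.lower(), "/" + path, m.group("version"), m.group("when")))
    return found


def cluster_by_origin(pages):
    """Map each origin host to the set of other domains serving a mirror of it."""
    clusters = defaultdict(set)
    for domain, html in pages.items():
        for host, _path, _version, _when in httrack_origins(html):
            if host != domain.lower():  # ignore a site that names itself
                clusters[host].add(domain)
    return dict(clusters)


# Constructed sample input: two hypothetical clone domains and one unrelated page.
# Only "system-checker-51.nl" comes from the post; dates are made up.
SAMPLE_PAGES = {
    "clone-a.example": "<html><!-- Mirrored from system-checker-51.nl/ by HTTrack "
    "Website Copier/3.x [XR&CO'2014], Mon, 01 Feb 2016 10:00:00 GMT -->"
    "<body>alert page</body></html>",
    "clone-b.example": "<html><!-- Mirrored from system-checker-51.nl/index.html by "
    "HTTrack Website Copier/3.x [XR&CO'2014], Tue, 02 Feb 2016 08:30:00 GMT -->"
    "<body>alert page</body></html>",
    "unrelated.example": "<html><!-- site header --><body>hello</body></html>",
}

if __name__ == "__main__":
    for origin, clones in cluster_by_origin(SAMPLE_PAGES).items():
        print(origin, "->", sorted(clones))
```

The comment is easy for an operator to strip, so its absence says nothing about whether a page is a clone.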
In the event you find yourself in a situation where a fake bluescreen of death is on your computer, do not call the number. Instead, simply close out of the browser or restart the computer, and the alert will go away. Be careful about which links you click on. If you don’t expect the sender to send you a link in an email, don’t click on it. Delete the email, and ask the sender (if they are known to you) in a separate email if they truly intended to send you the link. Also note that neither Microsoft nor Apple will ever display an alert to call them for technical support. They will never cold call you either; we have seen this tactic used in the past, too.