A scam discovered last month, in which cyber-criminals invaded Microsoft Azure Cloud Services, reportedly remains ongoing. According to Malwarebytes’ threat intelligence team, the scam has continued but with a new trick: utilizing paid search results.
Instead of targeting victims through false emails claiming to be from Microsoft or Apple, scammers have been buying ads displayed on major internet portals to target an older demographic, according to researchers. The ads drive traffic to decoy blogs that then redirect victims to a browser lock page.
“To support their scheme, the scammers have created a number of food-related blogs. The content appears to be genuine, and there are even some comments on many of the articles,” the researchers wrote.
Though it’s been going on for months and the method of deception remains the same, researchers said the scheme has intensified recently. “Although not overly sophisticated, the threat actors behind it have been able to abuse major ad platforms and hosting providers for several months,” the researchers wrote.
Via these blogs, scammers tricked users into believing their computers had been compromised. As a result, the crooks were able to convince users that they needed expensive but ultimately useless “support packages” in order to clean up their computers. These specious offerings, not surprisingly, do next to nothing when it comes to protecting a user’s computer.
“Tech support scams are one of the top threats affecting older folks, costing consumers millions of dollars in losses. Despite many takedowns and arrests in recent years, this industry is still very active and using the same social engineering techniques via fake browser alerts,” the Malwarebytes Threat Intelligence team told Infosecurity.
“It is important to remember that those browser lockers are not harmful in and out of themselves and that they can be closed safely. Victims that ended up calling the alleged Microsoft technicians for assistance should change their passwords, scan their machine for malware, revert any payment made, as well as monitor their bank statements closely.”
Source: Infosecurity Magazine