A new scam, in which fraudsters pose as legitimate internet service providers (ISP) to offer bogus tech support, either via the phone or on the net, is on the rise in the US and UK according to security experts.
The new scam is a twist on an old trick which involved calling a victim, often claiming to represent Microsoft, and charging for fake tech support. The online version of the scam involves a realistic pop-up which interrupts a victim's normal browsing session with a message that appears to be legitimate and comes from the victim's real ISP. The pop-up contains a message saying that the ISP has "detected malware", and urges the victim to call a number "for immediate assistance".
The cybercrime unit at Microsoft is warning customers that they should never share their ISP account number with anyone and be wary of calls or emails they are not expecting. They add that, even if someone quotes your ISP account number, you should not trust them with your personal information.
As well as seeing examples of fraudsters using bogus ISP pop-ups, the cybercrime unit at Microsoft has also seen pop-ups which lock a computer and demand a fee. The firm has begun talks with ISPs, including US-based ComCast and the UK's BT on the issue.
In December 2014, in its first big strike against technical support scamming companies, Microsoft's Digital Crimes Unit filed a civil lawsuit in a federal court in the Central District of California against Omnitech Support for unfair and deceptive business practices and trademark infringement. The case was settled out of court under a confidential agreement.
Here are two main ways that the scammers make money from tech support scams.
Users are either persuaded to download software that will install malware - this could be banking trojans that will offer the hacker direct access to all your financial information or malware that joins your computer to a botnet.
In other cases, people are persuaded to sign up for bogus tech support services, giving credit card details that provide the scammers with a one-off payment. It is believed that these scammers had been in operation since 2013 and during the past two years have made more than $17 million.