Number: AL16-004
Date: 24 March 2016
Purpose
The purpose of this Alert is to bring attention to a fraudulent technical support campaign impersonating ISPs.
Assessment
Through open source reporting, CCIRC is aware of a technical support scam that impersonates ISPs in order to convince users to give the scammers remote access to their machines and remove allegedly malicious files for a fee. The scammers identify the target’s ISP through their client IP address, and then display a legitimate looking technical support page, mimicking that of the legitimate ISP, that urges the intended victim to call for immediate assistance. Once the victim contacts the number provided, the fraudulent technician takes remote control of the machine to convince the victim that they are infected with several malicious files, and that they should make a payment to the technician to remove the allegedly malicious files. The fraudulent technician will perform simple file searches on the system in an attempt to add credibility to their activities. The scammers rely on the fact that some people may not be able to distinguish between malicious and non-malicious files. The scammers also use custom audio messages impersonating the individual victim’s ISPs, giving more credibility to the scam.
Suggested Action
Anyone experiencing this type of behaviour should not establish contact with the number provided.
- Report the fraudulent call to the Canadian Anti-Fraud Centre at the following link http://www.antifraudcentre-centreantifraude.ca/reportincident-signalerincident/index-eng.htm.
- If the consumer has allowed remote access to their computer, then the system is likely compromised or open to further remote abuse. Affected consumers should consider reinstalling their operating system using the computers built-in back-up feature. Alternatively, take the system to a reputable computer support service to have the system reinstated to assure complete protection of their system and information.
References:
More information on this scam can be found at the following link:
Scammers Impersonate ISPs in New Tech Support Campaign
https://blog.malwarebytes.org/fraud-scam/2016/03/scammers-impersonate-isps-in-new-tech-support-campaign/