Tech support scammers posing as employees of major technology companies such as Microsoft, McAfee and Norton target users with fake antivirus subscription updates. This is a large-scale email campaign.
While browsing the web, most people are redirected to a tech support scam site, which claims that their computer is allegedly infected and then asks them to call a displayed phone number to learn more information. These scams are widespread on the sites they use networks low quality ads, but are less likely to be received via email.
In conversation with Nicolas Joffre, SOC Regional Director at email security company "Vade Secure", Bleeping Computer has learned that the new tech support email scam started in March.
This is a scam that started with low volumes of emails, but quickly turned into volumes of up to 200.000 emails per day. In total, since the start of the scam, Vade Secure has filtered over 1 million of these emails targeting their customers.
The emails appear as billing notifications ostensibly sent by Norton Lifelock, Microsoft and McAfee, stating that the recipient will be charged between $ 350 and $ 399 for a three-year subscription if they do not call to cancel the subscription. Malicious agents are constantly changing email topics, but it all comes down to a subscription fee from a reputable security company.
For example, one tech support scam pretends to be from Norton Lifelock and states that the recipient will be charged $ 349 for a three-year subscription unless they call the number included to cancel it.
Since these are fake billing alerts, scammers are betting that the recipient will call the number displayed to them to gain remote access to their computer.
When users dial phone numbers, scammers install remote access software that allows them to then install malware on the computer.
Unfortunately, many people get involved in these scams and give threat carriers remote access to their computers. The most common victims are the elderly, as they may not have much experience with computers and tell others to help them.
The best line of defense against scam emails is never to call a phone number included in an email stating that you owe money. Instead, you should visit the company website and contact the number listed there to confirm whether an email is valid or not.
More importantly, no legitimate company will ask you to grant them remote access, nor will they ask you to download refund processing software.
Source of information: bleepingcomputer.com