Using Social Media, SEO in Tech Support Scams
Tech support scams have diversified into new territory. They now use pop-up alerts and social engineering tactics to spread fake toll-free numbers and links to their fake tech support websites on popular social media platforms.
Over the years, tech support scams have aggressively targeted consumers the world over. Under the guise of helping people with their tech woes, scammers make unsolicited contact with would-be victims via phone calls, website redirects, pop-up advertisements, and on occasion, phishing emails. Years on, tech support scams are far from being washed out: A study spearheaded by Microsoft found that 63% of consumers have experienced some form of a tech support scam in 2018. This may be attributed to the fact that tech support scammers are now shifting gears and changing their methods.
The cold-calling practices used by tech support scammers have become less effective in deceiving victims, as people are more likely to avoid communicating with them at all. Google and Microsoft have both strengthened their policies against third-party online tech support advertisements. To cope with all of this, tech support scams have diversified into new territory. These scammers have now adopted strategies such as pop-up alerts built with web and JavaScript tricks, and social engineering tactics that spread fake toll-free numbers and links to their fake tech support websites on popular social media platforms, which also allows them to appear with high rankings on web searches.
Scams on Social Media
We observed several tech support scams being promoted on different social media platforms. Tech support scam actors create fake social media accounts to make keyword-rich posts. They then use these posts to deceive users who search for tech support information online into clicking through to phishing sites and calling toll-free numbers. These scams attempt to obtain personally identifiable information or charge victims for their “services,” which range from activating software and getting product assistance to removing malware from machines.
Figure 1. How tech support scams operate on social media
Figure 2. Screenshots of tech support scams posted on Twitter
Figure 3. Screenshots of tech support scams purporting to be representing legitimate security companies posted on YouTube and Facebook
These social media posts provide links to malicious websites that are made to look like those of the security companies they impersonate. These phishing sites often request personal information, such as a user’s name, email address, and telephone number. We observed that these scammers provide fake tech support numbers for security companies such as Kaspersky, Avast, AVG antivirus, Norton, McAfee, and Webroot. One such site was made to look like Trend Micro’s tech support page, even copying the official website’s banner.
Figure 4. A screen capture of a website that’s made to look like Trend Micro’s
The diversification of methods employed by tech support scam actors appears to include search engine optimization (SEO) techniques. Creating posts and uploading images that contain tech support keywords for product and security companies on social media increases the chances of them showing up in social media searches. On top of this, the millions of people who frequent these social media sites may also stumble across these scammers’ posts when searching for tech support information.
Figure 5. A screenshot of the official Trend Micro Home and Home Office Support page
We also observed that the scammers promote toll-free numbers for different product and security companies on social media as well as on their fake websites. One of the toll-free numbers we studied, 1-888-267-6495, returned a variety of fake tech support information on a Google search.
Figure 6. The search results for a fake toll-free number
We observed that this toll-free number was associated with spoofed websites of security companies such as Webroot, Avast, Kaspersky, and AVG. It was also linked to fake websites for Gmail support, HP customer service and printer support, as well as AOL email account assistance. On social media, the toll-free number was associated with Microsoft Office setup assistance, Canon printer technical support, and Google Chrome support, among many others.
It’s important to note that on one of these social media platforms, namely Pinterest, a search of this toll-free number led to “similar ideas” or similar posts that featured different toll-free numbers.
Figure 7. Fake social media numbers that come up when searching for 1-888-267-6495 on Pinterest
It is not common practice for different companies, especially competitors, to share one tech support number; hence, this is obviously a fraudulent toll-free tech support number.
We also observed this tactic at play on YouTube, where one toll-free number leads to two different companies’ fake tech support information via different YouTube videos.
Figure 8. Two competing companies’ fake tech support information that come up when searching the toll-free number 1-877-219-8737 on YouTube
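The shared-number observation above can be turned into a simple check for brand-protection or threat-hunting work. The following is an added example, not Trend Micro's code: it normalizes toll-free numbers found in collected post text and flags any number that appears alongside more than one brand. The sample posts are constructed, and the brand pairing shown for the second number is an assumption made for illustration.

```python
import re
from collections import defaultdict

# Brands named in the article; extend the list for your own monitoring.
BRANDS = ["Trend Micro", "Kaspersky", "Avast", "AVG", "Norton", "McAfee",
          "Webroot", "Gmail", "HP", "AOL", "Canon", "Microsoft Office",
          "Google Chrome"]

# North American toll-free prefixes, tolerating the separators posts vary.
TOLL_FREE = re.compile(
    r"(?<!\d)(?:\+?1[\s.\-]*)?\(?(8(?:00|33|44|55|66|77|88))\)?"
    r"[\s.\-]*(\d{3})[\s.\-]*(\d{4})(?!\d)")

def extract_numbers(text):
    """Return toll-free numbers in text, normalized to 1-8XX-XXX-XXXX."""
    return {"1-{}-{}-{}".format(*m.groups()) for m in TOLL_FREE.finditer(text)}

def extract_brands(text):
    """Return brands mentioned as whole words (case-insensitive)."""
    return {b for b in BRANDS
            if re.search(r"(?<!\w)" + re.escape(b) + r"(?!\w)", text, re.I)}

def shared_numbers(posts, min_brands=2):
    """Map each number to its brands, keeping numbers seen with >= min_brands."""
    seen = defaultdict(set)
    for text in posts:
        brands = extract_brands(text)
        for number in extract_numbers(text):
            seen[number] |= brands
    return {n: sorted(b) for n, b in seen.items() if len(b) >= min_brands}

# Constructed sample posts (not real captures). The first two numbers are the
# ones quoted in the article; 1-800-555-0100 is a fictional placeholder, and
# the Norton/McAfee pairing is assumed for illustration.
SAMPLE_POSTS = [
    "Webroot support number 1-888-267-6495 call now for activation help",
    "Avast antivirus customer service +1 (888) 267 6495 toll free",
    "HP printer support helpline 1.888.267.6495",
    "Norton tech support phone number 1-877-219-8737",
    "McAfee customer care 18772198737 available 24/7",
    "Canon printer setup help 1-800-555-0100",
]

if __name__ == "__main__":
    for number, brands in sorted(shared_numbers(SAMPLE_POSTS).items()):
        print(number, "->", ", ".join(brands))
```

A number that survives the filter is a lead for review and takedown requests, since a single brand's genuine support line would not appear in posts for unrelated vendors.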
In the last few months of 2018 and continuing into 2019, there has been a large uptick in fake warning pop-ups that attempt to fool users into thinking that their machines are riddled with malware and that they need to click on the fake pop-up for a complete computer scan. We noticed this scam using official logos and branding of legitimate security companies to trick victims.
Figure 9. A fake pop-up warning pretending to be from Trend Micro
Trend Micro offers different tech support avenues for its customers. Home and home office customers can look for frequently asked questions and other pertinent topics in the Help and Support hub. For additional help, customers can get in touch with tech support through phone, Facebook Messenger (Ask Vanessa), live chat support, email, or by joining the Trend Micro Home Users Community. Business customers can access technical support, virus and threat information, as well as renewals and registrations assistance via the Business Support hub or through regional phone numbers.