Fake Microsoft and Apple support add mobile ‘click-to-call’ to their arsenal

Just click to call a tech support scammer
Just click to call a tech support scammer

Tech support scammers have made it easier than ever for victims to get on the phone and speak with them after adding a feature that automatically offers the option to call with one click. 

The new feature, which targets iPhone and Windows desktop users, cuts out the need for bogus messages and other trickery to convince victims into dialing a fake hotline and connecting with an operator who’s paid to cajole victims into buying unnecessary products for fictional security issues.

Microsoft has been making it harder for desktop tech support scams to work with new features in Edge and Internet Explorer that block common techniques used to lock a browser through pop-up loops, which is often achieved with JavaScript code

Edge and IE for example, allow users to close dialog pop-ups despite the attackers using JavaScript to prevent closing the dialog boxes. Google’s Chromium team has also advised web developers against using JavaScript for dialog boxes because tech support scammers had found a way around existing protections in Chrome that detected and blocked attempts to prevent users from leaving a page. Windows users can stop the repeated pop-ups by killing the process in Task Manager, but a significant portion of users lack the technical know-how to do this.   

Tech support scammers are responding to better desktop browser defenses with techniques that help escape them and move more quickly to an actual phone call. Some sites now include a click-to-call feature combined with instructions to automatically click the link. Once clicked, the code opens a smartphone’s phone app and then prompts the user to call the scam support call centre. 

The method is potentially more persuasive than relying on a fake security alert that aims to scare victims into calling a support number. Calling a scam number often results in the victim unwittingly providing the scammer with remote access to their computer, which can result in further malware being installed.  

The click-to-call technique adapts to the reality that Windows desktop users probably own an iPhone and may be looking for desktop support from their mobile device. 

Additionally, as Microsoft notes, the technique offers scammers a simpler process to talk with potential victims since they don’t need to build a multitude of web messages to frighten targets into calling.  

Microsoft highlights one support scam that is targeting Apple users employing an audio file that reads out a bogus “critical alert” supposedly from Apple support containing language that Apple is unlikely to ever use. 

“Your mac has alerted us that your system is infected with viruses, spywares, and pornwares. These viruses are sending your credit card details, Facebook logins, and personal emails to hackers remotely. Please call us immediately on the toll-free number listed so that our support engineers can walk you through the removal process over the phone. If you close this window before calling us, we will be forced to disable and suspend your Mac device to prevent further damage to our network. Error number 268D3," the message reads. 

Support scammers don't just impersonate Microsoft and Apple though. The ACCC's ScamWatch unit has received hundreds of complaints about imposters claiming to be NBN or Telstra support staff. In October ScamWatch received over 600 complaints about "remote access" scams, which resulted in $214 572 in losses.

Tags MicrosoftAppleiPhoneWindowstech support scam

Show Comments