Posted by: David Harley | October 8, 2015

Pop-ups and Support Scams

Today I added a link to the support scam resources page at AVIEN: this one is by me for ESET, on the way support scams are gradually moving away from simple-minded cold-calling to fake-AV-like pop-ups, intended to trick victims into making the initial telephone contact.

I figured it was also worth flagging here since the scams are aimed not only at Windows users but at users of OS X and iOS, Android, and even (rather ineptly) Linux. How many Linux users believe their system uses an NT Kernel or the Windows Firewall?

linux popup

(And no, Wine doesn’t have a bearing on this either: it implements the App Binary Interface in userspace, not in a kernel module.)

Here’s the direct link to the ESET article: Tech Support Scams: Top of the Pop-Ups, which has a few more screenshots, much more information, and some undiluted sarcasm. Sorry, support scammers just bring out the worst in me…

And for those who believe that nothing bad could ever happen to anyone who uses an Apple device, here are a few screenshots to show the sort of thing we’re seeing.

ios popup

iOS Pop-up: fake system crash

Crude, but could be ineffective. For comparison, is a typical Windows fake Blue Screen of Death (BSOD) screenshot.

bluescreen popup 2

Fake BSOD 

And here’s a Mac version.

mac scam

OS X fake system crash

Moving away from the fake system crash approach to scamming, here’s a pop-up that claims Safari has detected something malicious. I’ve seen these on OS X and iOS, but using other browsers and platforms too. And, of course they also masquerade as anti-virus alerts from the likes of McAfee, Symantic/Norton, even AVG and MSE.

safari popup

Fake Safari alert

And here’s an example of the sort of thing we’re seeing on Android, so that Chris DiBona won’t feel left out.

android popup

I guess, though, that given the recent fuss over XcodeGhost and YiSpector the number of people who believe in Apple’s immunity to malevolent software may have dropped slightly.

Hat tip to Steve Burn and Jerome Segura for their excellent work on support scam evolution.

David Harley

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: