Thursday, March 28, 2024

Tech Support Scams Integrates Call Optimization Service to Insert Phone Numbers into Scam Pages

Scammers continue to adapt with new techniques to trick user’s and make them fall as a victim. Scammers always impose limits such as “call immediately” or “Offer Valid Today only” to make you act on it immediately.

Security researchers from Symantec spotted a new Tech Support Scam that adopts to call optimization service for inserting the phone numbers to scam pages to make it looks more legitimate.

Tech Support Scam

Attackers somehow manage users to get visited a malicious website, commonly through malvertising or compromised website.

Generally, tech support scam’s perform fingerprinting, according to researchers “this particular scam goes a step further and retrieves the browser version as well and redirects the user based on the browser name and version”.

Tech Support Scam

Also, it play’s audio in the background stating that the computer is infected once the user arrives at the scam page.

Then it inform’s users that their computer has been blocked due to a malware infection and tempt user’ to call the number displayed on the screen for assistance.

According to Symantec research, the scam page uses a call optimization service’s advanced JavaScript integration service that return’s scammer phone number from the server and triggers a call back function.

Tech Support Scam

By having the call optimization enabled, attackers, make sure correct phone number displayed to the user’s based in multiple countries.

Recently a sophisticated Apple Phishing Scam notifies the user’s that their account has been limited due to unusual activity and ask’s for payment details and the site was encrypted with Advanced Encryption Standard (AES).

Also Read

Top Cybercrime Tactics and Techniques Q2 2018 Cryptomining, GrandCrab, SamSam & VPNFilter

Best ways to Lock Down the Highly Sensitive Data From the Massive Breaches

Beware of Apple Phishing Scam that Threatens Users to Disclose Personal Details

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles