Scammers Impersonate Internet Service Providers (ISP) in Fraudulent Technical Support Campaign

Number: AL16-004
Date: 24 March 2016

Purpose

The purpose of this Alert is to bring attention to a fraudulent technical support campaign impersonating ISPs.

Assessment

Through open source reporting, CCIRC is aware of a technical support scam that impersonates ISPs in order to convince users to give the scammers remote access to their machines and remove allegedly malicious files for a fee.  The scammers identify the target’s ISP through their client IP address, and then display a legitimate looking technical support page, mimicking that of the legitimate ISP, that urges the intended victim to call for immediate assistance. Once the victim contacts the number provided, the fraudulent technician takes remote control of the machine to convince the victim that they are infected with several malicious files, and that they should make a payment to the technician to remove the allegedly malicious files. The fraudulent technician will perform simple file searches on the system in an attempt to add credibility to their activities. The scammers rely on the fact that some people may not be able to distinguish between malicious and non-malicious files. The scammers also use custom audio messages impersonating the individual victim’s ISPs, giving more credibility to the scam.

Suggested Action

Anyone experiencing this type of behaviour should not establish contact with the number provided.

References:

More information on this scam can be found at the following link:

Scammers Impersonate ISPs in New Tech Support Campaign
https://blog.malwarebytes.org/fraud-scam/2016/03/scammers-impersonate-isps-in-new-tech-support-campaign/

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: