DoubleLocker Android malware

ESET reports that “ESET researchers have spotted the first-ever ransomware misusing Android accessibility services. On top of encrypting data, it also locks the device.”

DoubleLocker: Innovative Android Ransomware

David Harley

Support Scams – What to do next

My latest article for ESET’s WeLiveSecurity blog expands on an article that originally appeared in a lengthy article on support scams for ITSecurity UK, and subsequently in an article for the ESET Threat Radar Report for December 2015.

Support scams: What do I do now? covers some of the options for people who’ve allowed a support scammer to access their PC and, on discovering that they’ve been duped, have asked about the implications of that mistake and what they need to do next.

Link added to support scam resources page.

David Harley

Also added to the tech support scam resources page…

When I posted the previous blog I suddenly realized I’d forgotten to add a recent article by Rob Waugh for ESET: Reverse charges: How one man turned the tables on PC phone scammers. My own blog Scamming the Scammers also refers.

Now added, of course.

David Harley
ESET Senior Research Fellow

Another tech support scam resource

Added to the resources page at http://avien.net/blog/pc-support-scam-resources/: a blog for ESET on support scams. To be precise, how support scammers sometimes convince you that they’re providing product support on behalf of the vendor.

1. By social engineering in the course of a cold-call.
2. By seeding the web with sites and using SEO to promote them that support their claims to provide AV tech support, though they’re unlikely to claim there that they’re directly affiliated with individual companies.

I had a lot of helpful discussion with ESET’s support team that inspired the article. And I regard this kind of fraud as an insult to the sterling work that real AV tech support teams do.

Tech Support Scammers: Talking to a Real Support Team

David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow

Another tech support scam resources update

An article by me for ESET: Support Scams: we don’t really write all the viruses…

Which includes commentary on and references to this article by Eddy Willems of GData: A curious phone call – when a help desk scammer offers you a job

Both added to PC ‘Tech Support’ Cold-Call Scam Resources, of course.

David Harley
ESET Senior Research Fellow

Support Scam Resources Update

Added a link to the AVIEN support-scam resources page: to be precise, an article for ESET in which I commented on some recent developments in the support scam landscape, including a pointer to Jerome Segura’s article for the Malwarebytes blog: Support Scam Cold-Calling: the Next Generation.

Also referenced in the article and well worth a read is a recent post by Jean-Ian Boutin (also for ESET).

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Support scams: new resources

Well, not new resources, unfortunately. Just a couple of blogs I haven’t got around previously to flagging here: PC ‘Tech Support’ Cold-Call Scam Resources. I have lots of other material to add, but no time to edit it down to be readable at the moment, unfortunately.

Still you might find the additions (and the resources elsewhere that they point to) of some use and interest.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Support scam info

Here are some recent (unedited) comments to one of my ESET articles on support scamming.

The latest comments to How to recognize a PC support scam include three particularly interesting comments. The first includes a couple of phone numbers that might be worth investigating. The second indicates an oddity as regards the scammer’s caller ID, and the third (by my colleague Aryeh Goretsky, who has experience in the telephone industry) explains its significance:

1. We recieved several phone calls today from this same identity, he proclaims himself to be from the national computer security.  I felt scam from the beginning but I wanted to know his ploy, he had already tried to extract info from my teenage son(15) but very computer savey(too many gaming hackers for friends). The caller called w/o giving name but caller id showed (4-905-512-3123) however when told he was being traced, he gave a number (510-314-4990)(person not available). They try to convince you that any caution or failed service history notices are dangerous hackers.  Don’t delete but talk w/ their tech reps and they will tell you what to do.  My oppinion, bad idea.  My neighbor is w/ cyber crimes for our city, I’ll ask his help and have my compuiter checked out by a local reputable source
2. I got several calls from this weird NODID caller ID wich isn’t what my phone usually displays when I get an anonymous caller id. And today I was home and answered to this guy who sounds like he is from india, telling me he works for PC support and that my computer is sending them online error reports. It seemed obvious it was a scam so I told him to stop calling me because I am not interested in whatever he had to offer. He then asked if I thought it was a sale call, I replied that I think it’s a scam. And he hung up immediately. I looked up pc support on the internet and found this page. They do still try to fish with this scam. My phone number is in east coast Canada
3. Hello Jonathan, I wonder if your Caller ID might have displayed “NO DID”? D.I.D. is an abbreviation for “direct inbound (or inward) dialing” and is a term used in telecommunications to refer to phone line assigned to a specific device. In this case, I have to wonder if the scammer who called was had hacked into some company’s VoIP phone system to steal phone service for their calls, and this was displayed as a result of that action.

David Harley
ESET Senior Research Fellow

Tech support scammers claiming to be from Creative Solutions Online

Report received via the ESET blog of a scam call using the ASSOC and Event Viewer ploys: scammer used the name Alex Parker, and said his company was Creative Solutions Online: creativesolutionsonline.net.

Whocallsme.com came up with a number 4034563615 used by scammers claiming to represent the same company, or for Windows Internet

Office address given as Clearwater, Fla., and phone numbers in UK, US, Australia

REGISTRANT CONTACT INFO
Sibyl Technology Solution
Rubel Debnath
339, purbasinthi
kolkata
west bengal
700030
IN
Phone: +91.9230062065
Email Address:

Also added to support scam resources page in case someone is interested in following up on data like this.

David Harley

 

 

Updates to the support scam resources page

… more info from readers of ESET’s Threatblog on globalpchelpline.com, IPC Support, and Online Tech. And did you know that your motherboard has a CLSID? (No, it doesn’t!)

—
David Harley