Imagine that you’re surfing the web, and suddenly a popup appears on your screen with an ominous message. “Your computer has been infected with a virus. Call our toll-free number immediately for help.” People savvy enough to understand how legitimate antivirus software works, and those knowledgeable about phishing techniques will recognize those warnings as fake. They know that the message probably leads to a scam or cyber attack of some sort. In fact according to research data, only about one in five recipients call the toll-free numbers. People send money to the scammers for only about 6% of those incidents.
But with Microsoft detecting that about 150,000 of those fake warnings per day, $99 to $1,000 each out of those 6% who take the bait adds up to an awful lot of money. It’s a very profitable operation for organized crime. Cyber gangs impersonate large and trusted tech companies such as Google, Apple, antivirus vendors, and yes Microsoft too.
Fortunately, occasionally, suspected con artists are caught by law enforcement. In the last several months there have been a rafdt of arrests in India. Last month, raids on ten fraudulent call centers resulted in 24 arrests. And during the last week of November, about three dozen people were arrested in raids of 16 fraudulent call centers in and around New Delhi. Indian police say there have been thousands of victims in the United States and Canada.
|Ajay Pal Sharma, a senior superintendent of police in New Delhi, commented “The modus operandi was to send a popup on people’s systems using a fake Microsoft logo.” Victims would call the toll-free number, then they’d reach an agent in a fraudulent call center. The agent would pretend to work for Microsoft, and they’d say that the victim’s computer has a virus or was subject to some other sort of cyber attack. The agent would tell the victim that they could fix the problem for anywhere between $99 and $1,000.|
, commented “The modus operandi was to send a popup on people’s systems using a fake Microsoft logo.” Victims would call the toll-free number, then they’d reach an agent in a fraudulent call center. The agent would pretend to work for Microsoft, and they’d say that the victim’s computer has a virus or was subject to some other sort of cyber attack. The agent would tell the victim that they could fix the problem for anywhere between $99 and $1,000.
Of course, Microsoft will never directly contact consumers who get malware, nor will Microsoft directly contact customers who have other Windows problems. If you’re a customer facing any sort of Windows support issue, it’s better to visit the Microsoft support site directly at support.microsoft.com. Even a web search for Microsoft Support generates some results for tech support scams, so I urge you to make sure you go to Microsoft’s real website.
The fake virus warning popups are probably the result of web malware that hijacks legitimate webpages to conduct the phishing attack. Web malware is very common these days, and website owners may be found to be liable for cyber attacks that are conducted by hijacking their webpages. Having web malware can also be very bad for a company’s reputation, and possibly bad for regulatory compliance as well. I recommend that you use Web Inspector for a free malware scan of your website.
India is a hotbed for fraud, not only through the internet but also for telephone scams. That’s partly because India has the world’s largest call center industry. They have the technical knowledge, they have the infrastructure, and they also have many millions of fluent English language speakers.
Another recent phishing phenomenon includes US IRS and Canada Revenue Agency scams. Potential victims in the United States receive fraudulent phone calls impersonating the IRS or the CRA in the US and Canada respectively. Victims on both sides of the border were told that they owe steep income tax bills and/or back taxes, and that their arrests are imminent if they don’t pay tidy sums in Bitcoin to the scammers. This past summer, the US Justice Department sentenced 21 Indian citizens behind the tax scams. At least 15,000 Americans had hundreds of millions of dollars taken by the scammers between 2012 and 2016. I personally got a CRA tax scam phone call last spring.
A hunch tells me that many of these types of scams are still ongoing, and they’ll probably continue for many years to come. Finding and arresting the scammers seems like a game of Whack-A-Mole. It’s best to educate yourself about phishing techniques and think with a critical mind.