The perils of fake technical support

April 18, 2019

Large companies and their clients are regularly targeted by online scammers. The attacks can be of any kind and level of complexity, ranging from random phishing to artful schemes. One of the most common online frauds in recent years has been fake technical support.

Dangers of fake technical support sites and social network accounts

Links to fake technical support sites, accompanied by rave reviews, can be encountered both on forums dedicated to a particular issue and on social networks. In social media, you might even stumble upon one of the huge number of fake Kaspersky Lab support accounts out there.

A fake Kaspersky Lab technical support account on Twitter Another fake Kaspersky Lab technical support account on Twitter

All of these profiles have one thing in common: They claim to offer assistance in any matters related to company products, with specially trained, highly qualified technical support staff supposedly ready and waiting to deal with user issues. Needless to say, it is not free.

The fanciest fake Kaspersky Lab technical support account we found on Twitter

Being deceived is unpleasant enough, but that’s only half the trouble. Worse is the way that fake support services “solve” user problems. For example, here is a website that prompts the user to enter their account details to run a virus scan (you should never do that).

This fake Kaspersky Lab support website prompts for account information, supposedly to run a virus scan A fake virus scan on a fake Kaspersky Lab technical support site

At 73%, the scan suddenly stops (tests on different devices show that it’s always 73%), after which “technical support” prompts: “Upgrade your security.” Clearly, the calculation is that the user, on seeing the warning, will call “technical support” for help with this upgrade.

The fake virus scan always stops at 73%

Unfortunately, we were unable to ascertain what precise information the victim is asked to reveal during the call, because a short while after we detected the site, the details under the Contacts tab suddenly vanished. So we can only guess at what the victim might lose as a result of this “assistance.”

Here’s another site where in addition to personal information, the user is cheekily asked to enter the Kaspersky Lab product activation code.

This fake Kaspersky Lab support website prompts for the user's antivirus activation code

After the user enters the information, an error message points to various “problems,” and the user is once again asked to contact “technical support” by phone.

This fake Kaspersky Lab technical support website offers to resolve

A simple search on the phone number provides everything you need to know about the service. Examining the search results, we found that this number is used to deceive not only Kaspersky Lab users, but other companies’ users as well.

The check showed that the same number is used to scam users of several companies

In the course of our small investigation, a large number of similar resources were blocked. But banning all such sites is not feasible. As long as this type of activity remains profitable, fake technical support sites will continue to mushroom. Here are some simple tips to help avoid “support professionals” of this kind:

  1. If product issues arise, use only official support services. Only there will you get expert help and answers to your questions.
  2. In social networks, always check if accounts are official — look for a blue badge next to the account name for verification.
  3. If you were recommended a support website, or found it yourself online, take the time to do some digging. Sometimes just googling the website’s name will suffice.
  4. You can also check who the website address is registered to. If instead of the reputable company you were expecting, the address is registered to an obscure entity, let alone an individual, the website is bound to be fake.
  5. Kaspersky Lab does everything it can to safeguard users against such resources: All of our products provide built-in protection against potentially dangerous websites, including all of the fake technical support sites that we discovered.