Top Tips to Spot Tech Support Scams

By and on Dec 12, 2019

There are number of ways scammers use to target your money or personal details.  These scams include support sites for services such as Office365, iCloud, Gmail, etc. They will charge you for the service and steal your credit card details. Software activation scam sites will steal your activation code and they may resell it at a low cost.

There have been many articles about these types of scams, including one we posted earlier this year about support scams – https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam.

In this article, we would like to provide more examples of the scam sites and tips to help you spot them and avoid entering your personal information.

Scam sites may include these major services’ names in their domains, and include links for the official sites, to appear like legitimate (authorized) support for these companies.

The screenshots below are examples of various types of scam sites.

This one is an example of a software activation scam site. It targets users who are confused about how to set up their software. As shown below, the scammer asks users to enter their personal information and the activation key, pretending to help with the software setup.

On the same page, it provides the details on how to find the activation key and how to set up the software.

After following these steps and entering the personal information, you get an error as shown in the screen shot below.

At this time, the scammer has already received the user’s information, which could then be used for financial gain. As the error occurs, they expect the user to call the numbers above and they will charge the user for that call, even though they can get the same service for free from the respective software companies. This activation code can then be sold at a low cost on pirated software sites.

When you encounter a site which you suspect to be a support scam, try Googling its phone number. You may be surprised that a lot more of other support scam sites with the same phone number will appear in the results. In this example, the same number is linked to at least 4 other support scams.

For these sites, they have the same appearance as shown in the screenshot below.

The below screenshot shows a typical scam site that tries to mimic the official site but is not as professional. It only provides the phone number and contact form, and nothing else.

 

Users may encounter these sites in various ways:

  • By clicking on links from unsolicited emails.
  • From pop-up ads from risky sites such as illegal movie streams.
  • Ad campaign pop-ups from otherwise legitimate sites that have had malicious ads injected or not thoroughly vetted.
  • Advertised in online classified ads, forum posts and blog sites.
  • Advertised in Social media sites such as Facebook, Reddit, YouTube and Tumblr.

One way to be sure that you have the correct contact information is to get it from the legitimate website.  When you search for the contact information, always make sure that the search result shows the link to the respective organization.  Please be aware that this may not always come up on top of your search.

When you click the link in the search result, make sure that you land on the expected site.

Advice to Consumers:

Online users should be careful in their choices of trying to get technical support and activation setup.

Consumers should be aware that these companies will not send unsolicited email messages or unsolicited phone calls to request users’ personal or financial information to offer technical support to fix their computer or for activation setup.

As highlighted in this blog, a user will often be presented with a fake error screen to be tricked into calling a premium rate phone number. Warnings or error messages from legitimate companies never include their phone numbers.

Users do not have to pay for such a service which they can get from the respective companies directly for free. Also, software companies will never ask you to pay with Bitcoin or gift cards. Users should only use the official website and, if unsure, they should contact the official website via its contact form.

These tech support domains may be registered in various countries. Their lifespan may be short, like a year or two. Just for the examples listed in this article, the average domain life cycle was 2.1 years. They mimic the look and feel of the official web sites by copying the logo and other graphics, but they are often not quite as professional looking as the official ones.

If you find suspected scam sites, please submit them to McAfee for review at https://trustedsource.org as well as reporting to your local law enforcement.

The Below Discovered and Analyzed URLs are Covered By WebAdvisor

hxxps://www-norton-com-setup.xyz
hxxp://nortoncomsetup.co/
<hxxp://mcafeeactivate.support
hxxp://www.yourpcassistant.com
hxxp://manage-norton-setup.com/
hxxp://contacttechassistance.com/
hxxps://i123hp.com
hxxps://canon.com-ijsetup.com
hxxp://www.mydragonsupport.com
hxxps://www.retail-cards.com/
hxxps://wwwofficesetup.com/
hxxps://how-tosetup.com/
hxxps://www.sbcglobalsupportnumber.com
hxxps://acersupportnumber.com
hxxps://www.canonsupportnumber.org/
hxxps://applesupportnumber.net/
hxxp://mssetup.com
hxxp://officecomsetup.support
hxxp://wwwofficesetup.com
hxxp://howtoactivatemcafee.com
hxxp://www-mcafee-com-activate.co.uk

About the Author

Joy Olowo

Joy Olowo has worked at McAfee for four year as Web Security Researcher, specializing in URL research.

Read more posts from Joy Olowo

Kyoko Desiderio

Kyoko has worked at McAfee for the total of 14 years as Web Security Researcher, specializing in URL research.

Read more posts from Kyoko Desiderio

Categories: McAfee Labs

Subscribe to McAfee Securing Tomorrow Blogs