Researchers are warning of an online scam where fraudulent internet domains pass themselves off as legitimate cyber security companies.
Security firm Malwarebytes discovered a site that was masquerading as its homepage, using many of the same graphics and fonts but including a toll-free number. When unwitting customers called the number, they found themselves being charged hundreds, if not thousands, of dollars for completely bogus software support.
That's because they were not calling Malwarebytes at all but a fake tech support company called Tech Kangeroos – a team of trained con artists that has been found to be extorting huge amounts of money from people by impersonating an IT support firm and also many legitimate IT security companies including Symantec/Norton, Microsoft, AVG and Kaspersky.
When questioned, the fake tech support firm Tech Kangeroos says it is a third party firm with no affiliation with Malwarebytes or the other security firms whose websites it is impersonating. A disclaimer in bold on its own website repeatedly said as much.
Once the scammers have convinced the customer they are from a legitimate security firm, they encourage them to install remote access software so that they can perform a fake security scan as a scare tactic before setting out a hefty bill to 'fix' security issues, as one victim, a customer of Norton antivirus, reported. In fact, unsuspecting victims are giving criminals full access to their computers.
According to many online reports, they do absolutely nothing besides take a victim's money and, if discovered in their attempts once they've hijacked a computer, have been known to then try to break a victim's computer out of revenge.
Researchers from Malwarebytes found this out when they set up a test computer themselves for the scammers to target. After the scammers took over the machine using the remote access software TeamViewer, the Malwarebytes team refused to pay hundreds of dollars for 'Malwarebytes support' and the scammers then attempted to crash the computer.
A quick lookup for either the phone number or company name returns dozens of similar complaints.
'Just when you think you’ve seen everything when it comes to tech support scams, you realise how far the miscreants behind this plague will go to rob innocent people,' wrote Malwarebytes' blog.
Malwarebytes has tracked the IP address of the Tech Kangeroos company to Delhi, India.
'These types of scams are a significant problem, as the individuals behind them need little more than a website and phone number to pull them off, tricking consumers into giving away banking information, passwords, or even money,' a spokesperson from Symantec/Norton told SC Magazine.
'Unfortunately, like most established, consumer-facing companies, we see these kinds of organisations try to profit off our name by impersonating our brand.'
Web security firm High-Tech Bridge decided to dig deeper into this scam and performed research to understand how widespread the problem actually is.
They used Domain Security Radar, a free online service which is designed to detect cybersquatting such as this, to analyse the domains of leading cyber security companies.
What they found was that cybersquatting or domain squatting is a widespread problem.
Dangerous cases include websites like 'trendmicrow.', which collects the personal data of Trend Micro customers while pretending to be Trend Micro support. A typo variant of Symantec's domain, 'sytmantec.com', redirects users to random websites hosting adult content and malware.
Country-specific or altered domains of well-known cybersecurity brands, like 'kamai.ru', 'junipernetworks.cn', 'kasperskysupport.com' or 'ciscogroup.com', are being squatted by scammers who try to resell them and are parasitising on the original brand value.
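The squatting patterns described above (a one-character typo, a brand name with a keyword appended, the brand name under another top-level domain) can be checked for mechanically when reviewing newly observed domains. The following is an added example, not code from High-Tech Bridge or Domain Security Radar; the brand list, the allowlist of official domains and the function names are assumptions made for illustration.

```python
# Added example: classify observed domains as lookalikes of protected brands.
# BRANDS and OFFICIAL are constructed for illustration (assumptions).
BRANDS = ["symantec", "akamai", "kaspersky", "cisco", "juniper"]
OFFICIAL = {"symantec.com", "akamai.com", "kaspersky.com", "cisco.com", "juniper.net"}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (brand, kind) for a suspected lookalike domain, else None."""
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL:
        return None
    parts = domain.split(".")
    if len(parts) < 2:
        return None
    # Assumption: single-label TLD, so the registered name is the
    # second-to-last label (no public-suffix-list handling here).
    label = parts[-2]
    for brand in BRANDS:
        if label == brand:
            return (brand, "tld-variant")      # same name, different TLD
        if brand in label:
            return (brand, "brand-keyword")    # e.g. brand + "support"
        # Distance 1 catches one inserted, dropped or swapped-out letter;
        # short brand names will produce false positives to review by hand.
        if edit_distance(label, brand) <= 1:
            return (brand, "typo")
    return None

if __name__ == "__main__":
    # Domains quoted in the article, plus constructed negative cases.
    for d in ["sytmantec.com", "kamai.ru", "junipernetworks.cn",
              "kasperskysupport.com", "ciscogroup.com",
              "symantec.com", "example.org"]:
        print(d, "->", classify(d))
```

A hit is a lead for manual review (WHOIS, hosted content, mail records), not proof of abuse.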
'Unfortunately, lack of international cooperation and jurisprudence enable fraudsters to make easy money on various illegal or at least unethical operations with domains,' said Ilia Kolochenko, High-Tech Bridge CEO. 'Even cybersecurity companies are being targeted these days, not only financial institutions or luxury brands.'
Information Age has approached Moksh Popli, the operator behind 'Tech Kangeroos', and is awaiting comment.