Scam Of The Week: Bogus IT Security Company Website

Most Valuable Client, scam

Tech Support Scams are nothing new, but the bad guys are furiously innovating and there is a new variation you need to warn your users about. A few years ago this started out with bogus tech support calls from Microsoft or Apple, or more recently from your ISP which are still going on as we speak… But wait, there’s a new flavor!

Complete bogus websites that spoof major IT security software developers

We are talking companies like Symantec, McAfee, Malwarebytes and Kaspersky. The bad guys use shady SEO technology to get high on search engines and trick end-users into believing they are the real deal.

Next, the end-user is social engineered that they need to download the latest version, but a popup shows up with an 800 number and claims there is something badly wrong with their computer which needs to be fixed immediately before they download the new version.

You can guess the rest. Most people do not know this, but in India, in and around the capital of New Delhi, there are dozens of criminal call centers that do nothing else but run scams like this all day long.

I suggest you send this to all your users, friends and family. Feel free to copy/paste/edit:

[WARNING] Bad guys have a new scam. They create websites that look just like the real sites from security software vendors like Symantec, McAfee, Malwarebytes, Kaspersky and others. When you search for these sites, you could very easily pick the fake site instead of the real one.

These sites will then try to trick you into believing there is a new security software version you urgently need to install. But when you click the download button, a popup shows an 800-number claiming there is something badly wrong with your computer which needs to be fixed immediately before you download the new version.

When you make that call, a scammer with a foreign accent answers the phone, demands remote access to your computer, and charges you a hefty credit card fee to fix an imaginary problem. It’s not hard for the bad guys to create a fake website that looks just like the original, so make sure you verify that the website is legit! 

Only give out confidential information when YOU have initiated the call and never call numbers in an email that just appeared in your inbox. Only call a toll-free number that you know beforehand is legit, like on the back of your credit card, a statement you have received in the mail, or the order confirmation email you received at the time you bought the product. 

And remember… Think Before You Click!