Microsoft warns: Bogus Apple, Windows tech support sites open your phone app

Tech-support scam sites now include click-to-call prompts that "help" victims contact their sham hotlines more easily.
Written by Liam Tung, Contributing Writer


Tech-support scammers are testing new phone-call prompts to trick unsuspecting users into calling a bogus hotline, says Microsoft.

The prompts are just the latest innovation developed by fraudsters to dupe users into paying for fake support for non-existent issues, according to Microsoft's Windows Defender Research team.

Tech-support scams are all about deception and trickery, such as fake Blue Screen of Death (BSOD) warnings and other browser pop-ups with fake security warnings that invariably aim to convince users to call a hotline and pay to fix a contrived security problem.

Scams often try to get victims to provide the operator with remote access using tools like LogMeIn Rescue and TeamViewer to improve the chances of victims feeling they need to pay for a fix.

It's a lucrative business for the scammers, some of whom have been caught in recent crackdowns by the Federal Trade Commission.

One tech-support scam outfit was ordered to pay $10m in refunds earlier this year for an operation that was said to have conned $120m from consumers between 2012 and 2014.

The methods of reaching potential victims have evolved from cold-calling to newer fake ads from well-known tech brands, and even phishing-like emails with links to a fake tech-support site.

Website-based attacks often use JavaScript to lock users to a series of dialog boxes that display a security alert and hotline number.

Microsoft and Google have rolled out features in their respective browsers to address these intrusive dialog boxes. Edge, for example, allows users to close the browser even when there is an active dialog box.


Tech-support scam sites have responded to these new browser defenses. Microsoft recently discovered one bogus tech-support site that does away with JavaScript dialog boxes and instead uses a snippet of JavaScript that causes a smartphone's phone app or other communications apps, like Viber, on a PC to call the fake hotline. The code automatically opens the calling app with the hotline number pre-filled.

A victim would still need to press call, but the technique allows scammers to use simpler messages, such as "We're here to help", rather than legit-looking system warnings.
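As an added example (not code from Microsoft's report or from the scam site), the JavaScript below shows how a defender could scan a page's source for this behaviour: navigation to a calling-app URI that is fired by script or markup on load rather than by a visible link the user clicks. It assumes the prompt is raised through a `tel:`-style URI; the scheme list, function name and sample pages are constructed for illustration.

```javascript
// Assumption: call prompts are raised via these URI schemes (illustrative list,
// not taken from the Microsoft report).
const CALL_SCHEMES = ["tel", "callto", "sip", "skype", "viber"];
const URI = "((?:" + CALL_SCHEMES.join("|") + "):[^\"'\\s>)]+)";
const Q = "[\"']?"; // optional opening or closing quote

// Sinks that open a URI without a user click. A plain <a href="tel:..."> link
// is deliberately not listed: it only fires when the user clicks it.
const SINKS = [
  { kind: "location-assign", re: "location(?:\\.href)?\\s*=\\s*" + Q + URI },
  { kind: "location-method", re: "location\\.(?:assign|replace)\\(\\s*" + Q + URI },
  { kind: "window-open", re: "window\\.open\\(\\s*" + Q + URI },
  { kind: "meta-refresh", re: "<meta[^>]+http-equiv=" + Q + "refresh" + Q + "[^>]*url=" + URI },
  { kind: "iframe-src", re: "<iframe[^>]+src=" + Q + URI },
];

// Return every auto-firing call trigger found in the page source,
// ordered by position so an analyst can read them top to bottom.
function findAutoCallTriggers(html) {
  const hits = [];
  for (const { kind, re } of SINKS) {
    for (const m of html.matchAll(new RegExp(re, "gi"))) {
      hits.push({ kind, uri: m[1], offset: m.index });
    }
  }
  return hits.sort((a, b) => a.offset - b.offset);
}

// Constructed sample pages (555-01xx numbers are reserved for fiction).
const SAMPLE_AUTO = [
  '<meta http-equiv="refresh" content="0; url=tel:+1-555-0100">',
  '<script>window.location.href = "tel:+1-555-0100";</script>',
].join("\n");
const SAMPLE_BENIGN = '<a href="tel:+1-555-0199">Call our store</a>';

console.log(findAutoCallTriggers(SAMPLE_AUTO));   // two hits
console.log(findAutoCallTriggers(SAMPLE_BENIGN)); // no hits
```

Static matching like this misses URIs that are assembled at runtime or hidden by obfuscation, so it works best as a triage signal alongside dynamic analysis of the page.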

As noted by Microsoft, the scam site is targeting both Apple and Microsoft users and caters to users of desktops and smartphones.

Instead of scary dialog boxes, the site Microsoft found plays an audio message to warn users about a supposed "critical alert from Apple support". The message reads:

"Critical alert from Apple support. Your mac has alerted us that your system is infected with viruses, spywares, and pornwares. These viruses are sending your credit card details, Facebook logins, and personal emails to hackers remotely. Please call us immediately on the toll-free number listed so that our support engineers can walk you through the removal process over the phone. If you close this window before calling us, we will be forced to disable and suspend your Mac device to prevent further damage to our network. Error number 268D3."

Microsoft believes the tech-support scam site is being sold as a service on cybercrime forums.


Tech-support scams add click-to-call and drop-down dialogue boxes.

Image: Microsoft
