Tech support scams integrate call optimisation services to insert phone numbers

News by Rene Millman

Fraudsters are turning to legitimate services used by call centre organisations to dynamically insert phone numbers into their scam web pages and potentially give them additional features to make their scams more successful.

According to a blog post by researchers at Symantec, these call optimisation services are commonly used by businesses whose customers interact with them over the phone. Such services include tracking the source of inbound calls, creation and management of phone numbers, call load balancing, forwarding, analytics, routing, and recording.

While these services help organisations get a better picture of their customers, it seems tech support scammers are also using them to optimise their own "campaigns".

The scam starts when a victim visits a malicious website or is redirected to one by various means, such as a malvertisement or a compromised website. The website then tells the victim that their computer has been blocked because of a malware infection. There is also an audio file which plays in the background.

Researchers said that the JavaScript that plays the audio file also collects information about the victim’s browser. Based on the browser name and version number, the victim is redirected to a different scam page. There is also a script which is part of a popular call optimisation service’s advanced JavaScript integration.

"When a specific tag from the call optimisation service is present in the scam URL, the script retrieves the scammer’s phone number from the service’s servers. When the servers return the scammer’s phone number, the tag triggers the "Callback" function. This function is responsible for retrieving and displaying the appropriate phone number for victims to call," said Siddhesh Chandrayan, threat analysis engineer at Symantec.

He added that by using the call optimisation service’s tag in the URL, the scammers can dynamically insert phone numbers into their scam pages.

"This can be useful, for example, if victims are based in multiple countries, as the victim can be shown a phone number that calls someone that speaks their language."

Chandrayan added that scammers are also taking advantage of many more of the features offered by these useful services, such as load balancing during busy times and rerouting calls to other numbers, in order to work as efficiently as legitimate call centre operations.
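As a defender-side illustration of the page behaviour described above (an added example, not code from Symantec's research or from this article), the following sketch scores a page's HTML for the combination of traits the researchers list: background audio, browser fingerprinting, a tag read from the URL, and a callback that writes a phone number into the page. The regex patterns, signal names, threshold and both sample pages are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics for this example; real scam kits vary and need tuning.
LURE = re.compile(r"(computer|pc)\s+(has\s+been|is)\s+(blocked|locked)", re.I)
SCRIPT_SIGNALS = {
    "browser_fingerprint": re.compile(r"navigator\.(userAgent|appVersion|appName)"),
    "url_tag_read": re.compile(r"location\.(search|href|hash)|URLSearchParams"),
    "callback_dom_write": re.compile(
        r"function\s+\w*[Cc]allback\w*\s*\([^)]*\)\s*\{[^}]*(innerHTML|innerText|textContent)"),
}

class PageScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.autoplay_audio, self.in_script = False, False
        self.script, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "audio" and "autoplay" in dict(attrs):
            self.autoplay_audio = True
        if tag == "script":
            self.in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        (self.script if self.in_script else self.text).append(data)

def scan(html):
    """Return the set of signal names found in one page's HTML."""
    p = PageScanner()
    p.feed(html)
    p.close()
    script, text = "\n".join(p.script), " ".join(p.text)
    hits = {name for name, rx in SCRIPT_SIGNALS.items() if rx.search(script)}
    if p.autoplay_audio:
        hits.add("autoplay_audio")
    if LURE.search(text):
        hits.add("lure_text")
    return hits

def is_suspect(html, threshold=4):
    # Number insertion alone is normal for legitimate call-tracked sites.
    return len(scan(html)) >= threshold

# Constructed sample pages (not captured from any real site).
SCAM_PAGE = """<audio src="a.mp3" autoplay loop></audio><h1>Your computer has been blocked</h1>
<p>Call: <span id="n"></span></p><script>
if (navigator.userAgent.indexOf("Edge") > -1) location.href = "/edge.html" + location.search;
function numberCallback(num) { document.getElementById("n").textContent = num; }
</script>"""
BENIGN_PAGE = """<h1>Example Plumbing</h1><p>Call: <span id="n"></span></p><script>
var tag = new URLSearchParams(location.search).get("src");
function numberCallback(num) { document.getElementById("n").innerText = num; }
</script>"""
```

The benign sample shows why dynamic number insertion cannot be treated as malicious on its own: a legitimate call-tracked site produces the same two signals, and only the combination with the lure text, audio and fingerprinting crosses the threshold.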

Bogdan Botezatu, senior e-threat analyst at Bitdefender, told SC Media UK that tech support scams are extremely profitable because they rely on targeting vulnerable categories of people like elderly persons or less tech-savvy computer users who hardly invest in security software.

"Organisations should install intrusion prevention systems to protect the endpoints against these attacks. In addition to that, companies should have extremely clear policies about the use of remote desktop support tools that can be executed with outside parties as they represent a serious threat to the network’s overall security. From tech support scammers to corporate espionage and ransomware schemes, remote desktop applications can be used as an entry point inside the company," he said.
