Scare tactics! Tech support scam claims your hard drive will be deleted

A new tech support scam warns that a victim's hard drive will be wiped of all data... unless, of course, they call the fake customer support number.

This scam initiates whenever a user visits a malicious website. Immediately, it tries to scare the victim with a unusual tactic, as Siddhesh Chandrayan of Symantec explains:

"The web page displays a fake 'hard drive delete timer' that warns the user that their hard drive will be deleted within five minutes. A warning audio tone is also played in the background, which again warns the user that their system is infected."

The scam also displays a pop-up alert in the browser that the user's computer has been infected by a virus and that they must call a support number to resolve the issue.



WARNING!

Your Hard drive will be DELETED if you close this page. You have Exploit.SWF.bd Virus infection! Please call Microsoft Support Now! Call Toll-Free: (0)286-740-0038 To Stop This Process

Are you sure you want to leave this page?

Of course, if you are duped into calling the number you run the risk of being tricked into giving a hacker remote access to your computer (which may lead to them installing malware on your computer), or handing over your credit card details for a "repair".

Tech support scams make use of a variety of techniques to successfully fool their victims.

Some rely on a convincing impersonation of the victim's ISP or of Microsoft's update process or the infamous "blue screen of death", while others attempt to give away as little information as possible to security researchers.

This latest scam falls into the latter category. Specifically, it uses obfuscated JavaScript to hide a number of its attributes, including the code used to activate the scam, display the pop-up alert, and even track cookies so as to avoid delivery to the same victim more than once.

To optimize the chances of someone falling for the scam, fraudsters take it one step further and even include code (also obfuscated) that verifies the user's operating system.

Chandrayan points out why:

"This code addresses a potential major flaw in the scam. Usually, tech support scams come with hardcoded strings such as 'Windows detected infection'. For a user redirected to the web page from an Apple Mac, it is clear they are being tricked into something fake. The scammer avoids this scenario by tailoring their code appropriately and showing the fake alerts relevant to the specific victim."


Code used to check OS of victim's computer

This particular tech support scam might have a few more bells and whistles than other ruses, but users can defend against it just as they would any other ploy.

Specifically, if you think there's something wrong with your computer, you should contact the company directly and speak to a representative. You should also avoid visiting suspicious websites and remember to maintain an up-to-date anti-virus product, and keep your computers patched with the latest security updates.

Source: Graham Cluley