By Stormi O'Donnell
SecureWorld Media
"If you can't beat 'em, join 'em." At least that how the old saying goes. It appears that cybercriminals are taking the saying to heart by impersonating legitimate cybersecurity companies. The major problem is that they're getting really good at it. Last year, a researcher at Malwarebytes discovered a "tech support" company that was impersonating Malwarebytes.
The scheme works by convincing customers to let a "tech support" agent remotely access their computer. Once the computer is accessed, the fake agent initiates a "security check," but the so-called check is actually just a few lines of code that is programmed to set off a series of security pop-ups (all fake, of course). Malwarebytes documented the scheme in this series of photos.
Where are they now?
Fast forward a year, and the impersonators are still at it. The fraudsters even went as far as to rip off the Malwarebytes logo and website design. Check out the screenshots that researchers at Malwarebytes grabbed.
Of course, researchers at Malwarebytes wanted to know who was impersonating them, so they launched an investigation. They found this statement from the fraudulent website.
If you choose to sign this document or agree to make any online/ offline payment at Malwarebytes Support 247, a
service provided by Malwarebytes Support 247 (hereby known as "www.geeksinhome[DOT]com" having its offices
in India and businesses concerns in USA and Canada, you are agreeing to be bound by the following terms and
conditions ("Terms of Service"). You may contact home support 1-888-609-4191 for any kind of question that you
have for home support.
As far as I can tell, the fake website has since been taken down; however, researchers at Malwarebytes did a fantastic job of investigating the fraudsters. They were able to trace back to specific people in the case and even found out that the fraudsters were HIRING tech support!
It's not an isolated case
While this specific case is eye-opening, this isn't just one case or company we're talking about. Criminals are impersonating several major cybersecurity companies, then using SEO techniques to rise to the top of search engine rankings. In fact, as I was writing this story, I received a warning in my inbox from KnowBe4.com. The warning, posted below, addresses this exact issue, and urges readers to share this information.
[WARNING] Bad guys have a new scam. They create websites that look just like the real sites from security software vendors like Symantec, McAfee, Malwarebytes, Kaspersky and others. When you search for these sites, you could very easily pick the fake site instead of the real one.
These sites will then try to trick you into believing there is a new security software version you urgently need to install. But when you click the download button, a popup shows an 800-number claiming there is something badly wrong with your computer which needs to be fixed immediately before you download the new version.
When you make that call, a scammer with a foreign accent answers the phone, demands remote access to your computer, and charges you a hefty credit card fee to fix an imaginary problem. It's not hard for the bad guys to create a fake website that looks just like the original, so make sure you verify that the website is legit!
Only give out confidential information when YOU have initiated the call and never call numbers in an email that just appeared in your inbox. Only call a toll-free number that you know beforehand is legit, like on the back of your credit card, a statement you have received in the mail, or the order confirmation email you received at the time you bought the product.
And remember... Think Before You Click!
