In The News‎ > ‎

Telephone Help scam and Win Free Stuff Survey scam

posted Jul 28, 2015, 9:27 AM by Craig Cox   [ updated Jul 28, 2015, 11:19 AM ]
So far, I haven't seen my scam forecast validated, but the summer's not over yet.  However, two reports just this morning show some unusual approaches and sophistication.  Here are new ways scammers are trying to get your attention.

The first one came in from Tony Rispoli, our Stanton/George campus CS Manager.  This popup he reported is shown here; you can click to see a larger version.  The gist is that you're about to visit a bad site, and you should call their toll-free number for help.  The "bad site" is google.com.
photo of screen

I have highlighted a few points where the scammers are trying to reassure you that they're here to help.  Anybody can claim to be a security practitioner, a help desk tech, or a county password inspector.  Because web pages are so easy to falsify, you really want to call numbers you already know, such as your local campus customer service.

I have blurred out the scammer's toll free support number.  This looks like the setup for the telephone tech support scam.  In its original form, they would cold-call homes and tell people that they had detected a virus on a computer in the household; if the homeowner fell for it, they would walk through downloading the scammer's software - some kind of malicious compromise ironically advertised as a fix.  Adding insult to injury, the victim is often charged for this "service."

If you see this on a college computer, please notify your local computer support folks; we will probably want to scan your computer and possibly reset your profile, to make sure that the web browser doesn't pop this up anymore.

The other interesting scam this morning was also a browser pop-up, promising valuable gifts for completing a survey about your Delaware Tech experience.  Hat tip to alert instructor Keena Ross of the Owens campus for reporting this!  Keena copied and pasted the text of the pop-up, along with the link, in an email report to me.  On a sacrificial virtual machine (don't try this at home) I examined the link.
survey scam

Again, clicking the image will show you a larger copy.

A quick look under the hood (with sage advice from Rob Wiltbank of the IIT Applications group) showed that the six questions didn't actually collect any answers.  It appears to be a clicking exercise, in order to get you excited about your $50 reward for answering.

There is no such thing as a free lunch!

I have not followed the links at the end of the survey.  They go to a site only registered in February of this year, and there's very little reputation information available.  The survey site itself is only about a year old, and what little reputation info is out there suggests that they try to evoke the good name of Consumer Reports to appear legitimate.

The endgame could be credit card harvesting, since they're asking for small amounts of money for the "free" prizes.  It could be the download of malicious software.  Giving any contact information at all virtually guarantees that scammers will contact you with additional scams.

When you see these things pop up, please think before you click.  Don't be lured by prizes, and don't be frightened by error messages.  If you're not certain, report it to me or to campus customer service.