Faking It: The Thriving Business of “Fake Alert” Web Scams
Sophos, a global leader in next-generation cybersecurity, reports new scams that exploit web advertising networks to pop up fake system alerts on both computers and mobile devices.
Clicking pop-ups on a phone or computer is inherently irresistible. Clicking a pop-up that indicates a problem with your device and prompts you to contact tech support is even more so, and that’s what cybercriminals are counting on. SophosLabs Uncut has researched a resurgence of fake alerts, called Scareware or Malvertising, that lure you into thinking you need technical support and then into buying fake apps or fleeceware from a mobile app store. These fake alerts also now prompt you to “call back.” Below is an example of a fake alert on a mobile phone that makes phone calls, saving scammers from having to cold call or voice-phish victims.
“While browser developers have done a lot to make ‘malvertising’ more difficult, ad networks keep finding new ways to pop up content in your device browsers, and scammers continue to take advantage of ad networks to target more vulnerable people. Sophos’ research shows how expansive these ‘fake alert’ fraud schemes and the ecosystem that supports them still are, and how little investment and technical skill are required to run them,” said Sean Gallagher, senior threat researcher, SophosLabs.
As protections against malvertising improve on desktops, Sophos anticipates that more scammers will focus on the weaknesses of mobile devices. However, fake alerts are easy to spot and remove. Check for spelling errors and strange phrasing. If there is a countdown clock or intense pressure to call back, it is likely a scam. For more information about fake pop-up alerts, please visit SophosLabs Uncut.