Hackers and scammers can always be expected to come out with ingenious ways of phishing and intruding illegitimately into the systems of innocent users to steal information.
The latest to come to light is a scam where call optimization services are being used to gather the phone numbers of users without their knowledge.
The ostensible purpose could be to carry out their own tele-marketing activities once they possess the numbers.
Leading cybersecurity company Symantec has found this scam and has put out a detailed blog post on how the tech support scammers operate.
A Customer Service Tool Turned on Its Head
Most businesses use the call optimization services as a customer support tool. The software program allows them to manage the service.
Businesses can find out where the inbound call is coming from, capture the customers’ phone numbers for future management and a multitude of other features like analytics and routing, apart from recording the calls.
The call recording is done for the double purpose of training and keeping a record of the customer’s complaint and the way it was handled.
These are meant to assist the company in getting positive and negative feedback from their customers in order to make improvements to products and services.
It is an ongoing process, and customers all over the world rely on this customer service support. Businesses, on their part too, might not have given a thought that an innocuous service like this could be hijacked by scammers for their own ends.
How the Scam Is Perpetrated
Symantec’s blog post has explained how this scam is carried out.
It starts with the customer trying to visit a customer support page, but they are presented with a fake or malicious site.
It has a message informing the user that their system stands blocked as some malware has been detected and then a toll-free phone number appears at the bottom for the customer to call, to get out of jail.
Even more damaging is that there is an additional voiceover giving out the same warning.
Symantec’s team did their own research to trace the JavaScript code and found that the script reveals not only the browser used by the victim, but even the version of the browser being used.
This is considered a little unusual. And this is how the user is forced to visit another page which is malicious too. At the next stage, the phone number of the scammer is retrieved and displayed on the webpage.
Even this scam is being done with advanced technology, since it can detect the location of the victim and dynamically insert a number that matches with the user’s location/country.
This is essential because if the user does call up that number, they must have someone capable of responding in the language they understand. The scammers seem to have thought through all these aspects while modeling their scam.
Service Providers Need to Be Cautious
Having learnt of this malicious activity by tech support scammers, the businesses which have deployed the call optimization service programs and those running these services for the businesses, will have to be extra careful on building sufficient protection in their software to fend off such intrusions.
There are cybersecurity firms which have developed products that can detect any malicious activity of the type described above and prevent them as well.
Some even claim to have stopped millions of incidents from being carried out. Therefore, the solution is very much available.
It is for the users to become aware of the issue from the scammers and the existence of effective anti-virus and anti-malware products in the market, to protect their customers from falling victim to such malicious attacks.
The operative programs here are intrusion preventions systems (or IPS). Look around for IPS-based products and buy and install them within your network without any delay and stay protected.