Other issues in this category (23)
Friday, March 17, 2017
Windows glitches have been considered not only a meme for many years, but, in a way, also the norm. We’ve gotten used to system freezes and unexpected restarts and programs that don't launch. In most of these cases, ordinary users don’t contact tech support, especially if it doesn't happen often. And cybercriminals took advantage of that.
While faking problems in people’s systems, they encouraged their victims to call a fraudulent support hotline.
A specially crafted malicious site created the impression that the systems involved were completely frozen. After entering the malicious site, users would have their systems overloaded with huge quantities of draft emails, making the systems run out of memory and freeze. The text in the messages indicated to users that malware had been detected on their computers and that they should immediately contact Apple support, using the phone number provided in the message.
Two versions of this fraudulent scheme were discovered: with the first, the system was rendered non-operational by draft emails, and with the second, this task was performed by iTunes:
Reportedly, the first issue was resolved in macOS Sierra 10.12.2 so users who keep their system up-to-date should be safe. However, attacks that use iTunes remain feasible.
This attack can be categorised as an example of fake anti-virus fraud (another example is described in the issue Charlatan protectors), which is when a user visits a certain webpage and sees a message claiming that their system is infected and that an anti-virus needs to be installed to remove the malware. People panicked instantly, even if they already had a reliable anti-virus installed on their computers. After all, anything can happen, right?
Experience shows that ordinary users not only do not know the contact details of the support services for the programs they use, but sometimes, they don’t even know what programs they use. This makes attacks of this kind possible.#fraud #phishing #rogue_security_software
The Anti-virus Times recommends
Fraudsters use all sorts of tricks to make users part with their money. As time goes by, their arsenal of tricks becomes even more extensive, and most of them exploit a lack of attention or IT background as well as the absence of anti-virus software. If you’ve enabled your Dr.Web Parental Control or Anti-spam (which would filter out a phishing email with a link to a bogus website), the attack described above is unlikely to be successful.