HTML: FakeAlert-T [Trj]


. Codes: HTML: FakeAlert-T [Trj] HTML:EvilCursor-B [Trj] debug-filing244.gq [URL:Phishing] 
 HTML:Tech-Scam-M [Phish]

. Filed under: Microsoft Tech Support Scams

. Properties: A technical support scam refers to any class of telephone fraud activities in which a scammer claims to offer a legitimate technical support service, often via cold calls to unsuspecting users. Such calls are mostly targeted at Microsoft Windows users, with the caller often claiming to represent a Microsoft technical support department.

In English-speaking countries such as the United States, Canada, United Kingdom, Ireland, Australia and New Zealand, such cold call scams have occurred as early as 2008.

The scammer will typically attempt to get the victim to allow remote access to their computer. After remote access is gained, the scammer relies on confidence tricks, typically involving utilities built into Windows and other software, in order to gain the victim's trust to pay for the supposed "support" services. The scammer will often then steal the victim's credit card account information or persuade the victim to log into their online banking account to receive a promised refund, only to steal more money, claiming that a secure server is connected and that the scammer cannot see the details. Many schemes involve convincing the victim to purchase expensive gift cards and then to divulge the card information to the scammer.


. Organizations affected: Microsoft

. Reported to: Scumware.org, Google Safe browsing (Report Phishing, Report Malware), Scammer Blaster.com, Netcraft (via browser extension) Emsisoft (via browser extension)

*Warning: For your safety, it is highly recommend that users do not visit any of the websites under the following codes:  HTML:EvilCursor-B [Trj]  debug-filing244.gq [URL:Phishing] 
These webpages are extremely aggressive and will cause crashes and other undesired effects.

. Screenshots:

HTML:EvilCursor-B [Trj]


HTML:EvilCursor-B [Trj]

HTML:EvilCursor-B [Trj]



HTML:EvilCursor-B [Trj]





. Offending URL's

*These websites are considered dangerous. For your safety, the links have been published as plain text.

https://windows-defender-alert--hacking-attempt-found-4890.s3.us-east-2.amazonaws.com/chrome_win/index.htm

https://nepgld.club/_Win_dows_QKV_3Y_JH6_BEP/P_KZIQRWYB_F01_/90JAMZD_/?n_b=MSg4NDQpNDcwIDk3MDU=&s_1=s365_1eMTE0N2I3VVtTSmFTVllAVmJWVUZram

https://geeklivehelp.us/norton/

https://geeklivehelp.us/

http://159.65.75.136/chrome_winos_xx/?phone=+1-(888)-610-7624&

https://sozuam.club/_Win_dows_QKV_3Y_JH6_BEP/P_KZIQRWYB_F01_/90JAMZD_/?n_b=MSg4ODgpNDEyIDc3NDU=&s_1=s1088_7Ngmrd8PyBTHExF2EVx7So

https://s3-ap-southeast-1.amazonaws.com/securityewin32bit.trozanerror-found/chrome_win/index.htm

https://redbang.club/us/en04/

https://s3-ap-southeast-1.amazonaws.com/esecuritywin64bit.trozanerrorx03001/chrome_win/index.htm

https://trozan-window-security-alert-401files-del.s3-ap-southeast-2.amazonaws.com/chrome_win/index.htm

https://tkqsou.club/_Win_dows_QKV_3Y_JH6_BEP/P_KZIQRWYB_F01_/90JAMZD_/?n_b=MSg4ODgpMzk2IDQwOTI=&s_1=s262_208

https://vnmvqe.club/_Win_dows_QKV_3Y_JH6_BEP/P_KZIQRWYB_F01_/90JAMZD_/?n_b=MSg4ODgpMzgxIDkyMjM=&s_1=s365_17MTE0N2I3VVtTSmFTVllAVmJWVUZram
Share: