A script that links victims with fraud sites pretending to be official support with just one click

There are various frauds and viruses on the Internet, but Microsoft found that fraudulent sites pretending to be technical support on the official site are working on fraud using a pop-up screen that makes a phone call with one click doing.

New tech support scam launches communication or phone call app - Windows Security blog
https://blogs.technet.microsoft.com/mmpc/2017/11/20/new-tech-support-scam-launches-communication-or-phone-call-app/

New Microsoft tech support scam can turn a user into a victim with one click - TechRepublic
https://www.techrepublic.com/article/new-microsoft-tech-support-scam-can-turn-a-user-into-a-victim-with-one-click/

Blog that conveys latest Windows related security information by Microsoft official · Windows Security blog reveals the existence of a new Internet fraud in which a fake technical support site automatically launches a telephone dial such as a smartphone and calls support I will.

There are often fraudulent sites disguised as technical support, but these are continuing to display a popup screen for visitors, and the user becomes uneasy as "I might have made something wrong ..." It is designed to be. For this reason, most of the latest web browsers have restrictions such as not to open multiple pop-up screens at the same time so that they are not misused by these kinds of internet fraud.

However, in the newly found Internet fraud, it was displayeddialog boxIf you mistake clicking on it even once, the telephone will be connected immediately and you will have to pay expensive international phone fee. Also, since the telephone partner is a fraudster pretending to be a support, if it tells the information to the other party without being doubt told without any doubt, it is possible to convey the user information and the bank account information used on some kind of service Sexuality is also considered sufficiently.


Microsoft's security team deciphers the code used to pop up the dialog box and finds a very simple JavaScript that does not contain the phone number specified on the fraudulent site. As JavaScript does not contain a specific phone number, it is a script that directs the phone number on the web page to be multiplied with one click, so anyone at Copipe can easily imitate the mechanism of fraud . In other words, with the script found this time as a template, there is a high possibility that the same fraudulent site is growing in places we do not know. Technology-related media TechRepublic considers this script to be sold on the Internet black market.


In addition, this Internet fraud seems to be optimized for smartphones, the site adopts responsive design, the popup screen is also displayed as follows. Microsoft wrote, "The threat of technical support fraud has expanded to users of various platforms, devices, and software," he says.


There are several fraudulent sites pretending to be official website support. Things pretending to be Apple ... ....



Various things pretending to be Microsoft. Even if it is not a support site, if you put on a mail-order site etc, it is possible to easily hear personal information etc. from a damned person, so it seems to be said that a script that can be easily used by Copy is quite troublesome.


Measures against such threats are extremely simple, just check if the telephone number to the support you are seeing is really correct. Also, if Edge is Microsoft's web browser, it seems to automatically block websites that support support fraud.