{"id":119,"date":"2017-03-01T14:16:08","date_gmt":"2017-03-01T14:16:08","guid":{"rendered":"https:\/\/blog.gridinsoft.com\/?p=119"},"modified":"2024-07-04T14:58:09","modified_gmt":"2024-07-04T14:58:09","slug":"microsoft-tech-support-scam-affiliate-program","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/microsoft-tech-support-scam-affiliate-program\/","title":{"rendered":"Microsoft Tech Support Scam Affiliate Program"},"content":{"rendered":"

The Microsoft Tech Support Scam has recently gained popularity as a new sector of cyber attacks. Scammers, masquerading as Microsoft Technical Support, pressure internet users into calling a supposedly toll-free phone number. Contrary to their claims, this number incurs significant charges, enabling fraudsters to profit from each call made.<\/p>\n

Responding to numerous claims from our users about these cyber attacks<\/a>, we have conducted a detailed investigation into this fraudulent scheme. In this post, we will answer the most frequently asked questions about Microsoft Tech Support scammers. Being forewarned is being forearmed! We encourage you to stay vigilant to the signs and protect your safety while browsing. Do not allow scammers to exploit your fears!<\/p>\n

\"Microsoft
Tech Support Scam landing page example<\/figcaption><\/figure>\n

How Do Scammers Intimidate People?<\/h2>\n

Hackers employ various tactics to intimidate their victims, aiming primarily to profit. Fraudulent landing pages can switch to full-screen mode, disable main keys, and prevent the context menu from opening. Scammers can easily execute these actions using the following JavaScript code:<\/p>\n

\"Toggle
Toggle the full-screen mode<\/figcaption><\/figure>\n
\"context
Code using for menu blocking<\/figcaption><\/figure>\n
\"locked
Locking the main keys<\/figcaption><\/figure>\n

Interestingly, fraudsters even integrate Google Analytics into their malicious web pages!<\/p>\n

\"scammers
Google Analytics on scammers landings<\/figcaption><\/figure>\n

The horrible text messages are not the only thing which scammers are using to terrify their victims. There are also threatening voice notifications played. Usually, they are stored here:<\/p>\n

However, terrifying text messages are not the only tool scammers use to intimidate their victims. They also employ threatening voice notifications. Typically, these audio files, such as alert messages, are hosted at URLs like this:<\/p>\n

MALICIOUS_URL\/chrm\/alert2.mp3<\/code><\/p>\n

If you ever come across these scare tactics, remain calm and recognize that there is no real danger as long as you avoid calling the \u201cfree\u201d phone number provided by the fake technical support team.<\/p>\n

Microsoft Tech Support Scam: Scam-as-a-Service<\/h2>\n

The landing pages that our users unfortunately encountered are just the tip of the iceberg. In the world of cybercrime, Malware-as-a-Service has flourished for a long time. These newer scam techniques<\/a> can aptly be termed Scam-as-a-Service.<\/p>\n

On a recently discovered semi-private Russian underground forum, exploit.in<\/a>, we came across a description of an affiliate program:<\/p>\n

\"scam
Scam support affiliate program<\/figcaption><\/figure>\n

English translation:<\/h3>\n
\nThe private affiliate program of the tech support hires new publishers. Our landing page aggressively convinces people to call on your unique phone number (free), and you get a commission from each call. The standard rate is $ 4.5 per call. For the major partners with good quality and volume, the tariff is discussed individually.<\/em><\/p>\n