UK-based cybersecurity firm Sophos has reported new scams that exploit Web advertising networks to pop up fake system alerts on both computers and mobile devices.
“Clicking pop-ups on phone or computer is inherently irresistible. Clicking a pop-up indicating a problem with your device and prompting you to contact tech support is even more so, and that’s what cybercriminals are counting on,” the company said.
Sophos said it has found a resurgence of fake alerts, called scareware or malvertising, that lure users into thinking they need technical support and then buying fake apps or fleeceware off a mobile app store.
These fake alerts now also prompt users to “call back.” The photo above is an example of a fake alert on a mobile phone that makes phone calls, saving scammers from having to cold-call or voice-phish victims.
“While browser developers have done a lot to make ‘malvertising’ more difficult, ad networks keep finding new ways to pop up content in your device browsers, and scammers continue to take advantage of ad networks to target more vulnerable people. Sophos’ research shows how expansive these ‘fake alert’ fraud schemes and the ecosystem that supports them still are, and how little investment and technical skill are required to run them,” said Sean Gallagher, senior threat researcher at SophosLabs.
As protections against malvertising improve on desktops, Sophos said it anticipates that more scammers will focus on the weaknesses of mobile devices.
However, fake alerts are easy to spot and remove, according to the tech firm. “Check for spelling errors and strange phrasing. If there is a countdown clock or intense pressure to call back, it is likely a scam,” it said.