An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. This campaign is based in India and has been active since last year, targeting a wide range of users from all over the world.

Using the same modus operandi, MalwareMustDie researchers have created a fake call center, with the goal of identifying the network infrastructure behind it and sharing the information with law enforcement agencies in order to shut down these malicious call centers.

Researchers report that scammers flood call line numbers with outbound calls, with one number generating around 100-200 calls per day. In some cases, they use such numbers to perform “whitelist testing” on potential victims by blocking certain regions or types of numbers. In most cases, however, the bank numbers and other sensitive information are replaced with something that looks real, such as a U.S.-based telephone number.

Reports suggest that victims are often tricked into believing they have been connected to a call center for an “important UPS shipment” or some sort of online tech support. If the victim agrees with their request and answers the call, they will find themselves connected to a call center, speaking with a helpful agent with an Indian accent who will attempt to get them to install spyware on their computers without giving them any real options on how to proceed.

In either case, the scammer will make sure that they are providing all of the necessary information to install software on the computer before hanging up. Victims are told that if they fail to perform the requests, the call center will be forced to “escalate” the issue to some sort of legal division that will pursue legal proceedings against them.

This threat is made even scarier by scammers who use official-looking names and corporate logos, such as “UPS Customer Service,” and a fake employee ID number. In reality, these scammers are just using random numbers and names in an attempt to make their fraudulent call centers appear legitimate. This could help them convince individuals that they are a real company’s outsourced tech support team.

Most of the time, scammers use a combination of high-pressure sales tactics and veiled threats to scare victims into installing remote control malware onto their computers. To keep these call centers operational, scammers require a constant stream of new victims to call in every day. Once inside the network, however, researchers managed to see that the calls are placed through VoIP (Voice over Internet Protocol) providers, which makes it easier for their location to be traced.

As part of this campaign, MalwareMustDie researchers created a fake call center using similar tactics and techniques that these tricksters are using in order to identify the network infrastructure behind it. This information will then be provided to law enforcement authorities once they are able to shut down these call centers.

“Call centers with misinformation are a nuisance, but it’s the malware hosted on victims’ computers that really makes them dangerous,” said Adam Kujawa, Malware Analyst at MalwareMustDie. “The malware used in these attacks is mostly ransomware, and it encrypts victims’ files and displays a message demanding payment for their decryption key.”

“These monetary demands can range from $500 to around half a million dollars. Many users have paid these demands without realizing they were part of criminal schemes. Victims are often worried about losing their files and other data, so they pay the ransom and hope that their files will return,” he added. “Some of these schemes even come with a guarantee of returning the files.”

In most cases, the scammers trick users into downloading a piece of software that helps them generate revenue from every infected computer. Once installed, this malware is set to launch automatically at regular intervals on computers that it is monitoring. Once it does, it downloads other malicious programs onto the victim’s computer to help generate revenue for its operators.

Researchers are advising users never to open files or enter their personal information on suspicious websites, and to avoid clicking on any links in unsolicited emails. If you receive a call from someone claiming to be from a legitimate company, ask for the details of the employee who is contacting you, such as their name, company department and telephone number. You can then check this information with your reference call center team or the organization’s official website.

Interested in reading more about attacks like the ransomware attack through call centers? Email Spoofing – Check Your Domain Security discusses another tactic used to deliver malware. This time, however, the attacker is trying to gain information through a spoofed email.
