A major print campaign misusing Amazon service has been exposed Aws A cloud platform to lure people into tech support scams.
After receiving tips from a computer technician working at a local convenience store, researchers at Malwarebytes discovered a “massive typo attack campaign” that began about a month ago.
The campaign is also very dangerous, as victims are not only “charged” for the “tech support” service they receive, but the scammers often end up accessing the victims’ bank accounts and subsequently draining them.
Fraud security problem
Typosquatting is a popular technique among cybercriminals, and it relies on people who make typos out of ignorance or by accident. If someone mistypes a website they are looking to visit – they will usually see a message that the website does not exist. However, some criminals get these wrong domains and use them to plant malicious landing pages hosted on AWS.
In this case, unknown threat actors acquired a domain similar to Wells Fargo – wellsfargo[.]cm (instead of .com). People who visit this site will get a popup saying that their endpoint is numerous Viruses (Opens in a new tab) and threats, that it is “closed” for security reasons, and that they should contact customer support via a phone number on the landing page.
Besides the risk of talking to scammers on the phone, giving them access to devices and possibly even bank accounts – there is also the risk of scammers learning people’s phone numbers, which can later be used in identity theft (Opens in a new tab) tricks.
The best way to guard against such attacks is to make sure that you’re typing the addresses correctly and suspect any security popups that say the device is “locked” and prompt the user to act immediately.
While Malwarebytes claims this is a major typo campaign, it has listed 10 domains that have been hijacked recently, including Amazon, DuckDuckGo, Walmart, and Home Depot. We don’t know how many people may have been affected by this attack.