Scam Alert – UK Broadband ISP Users Targeted by Fake Support Pop-ups

Customers of BT, TalkTalk, PlusNet and Sky Broadband in the United Kingdom (others may also be affected) are all being warned to keep an eye out for fake pop-up support messages that claim to come from your ISP (phishing), which due to a simple exploit can appear on even legitimate websites.

Some ISPs do very rarely interrupt your browsing session with a legitimate pop-up message, such as to inform customers about new Parental Controls that may need adjustment. But such methods can confuse consumers and don’t always work due to ad blockers or other device limits, which is one reason why they’re not a common approach.

In the past a number of website based phishing scams (i.e. the act of trying to steal your personal data or access your system by masquerading as a trustworthy entity) have separately attempted to use pop-up messages to fool end-users by falsely presenting themselves as official anti-virus scanners or claiming to be from your bank etc. It’s similar to when a cold caller phones your home and claims to be from your ISP, usually with a warning about viruses on your computer that need “immediate attention“.

Sometimes fraudsters get lucky and a user falls for the scam, which is always much more likely to happen if the pop-up looks as if it’s from a service that you actually use and this is one reason why big ISPs in the UK and other countries are increasingly being targeted. Most ISPs can be identified via a simple check of the user’s public Internet Protocol (IP) address (unless using a VPN or Proxy).

The latest approach similarly targets subscribers with a pop-up message that warns of “malware” (malicious software) on your computer and then advises that you call a support number for assistance, which obviously you should never do (they’ll probably use it to steal your personal data, charge an excessive call fee and or ask you to install software that compromises your computer). The BBC explains the latest process below.

How the Scam it Works

* Big advertising networks allow users to win ad space on websites by bidding at a particular price.

* Criminals are taking advantage of this to place adverts which are infected with a single “bad” pixel.

* This pixel can redirect users and infect them in the background when they are browsing on a perfectly legitimate site – they do not even need to click on the ad.

* The malware in the ad redirects users to a website in the background – invisible to the user – which checks their computer and discovers their IP address.

* From the IP address it is easy to find out which ISP owns which IP address.

* Victims will be served a pop-up tailored for their specific ISP which warns them their computer is infected and gives them a number to call.

Fraudsters are constantly trying new methods of social engineering to make their scams more effective and most ISPs do claim to put proactive effort into warning their customers about such abuses, but most subscribers rarely see the output from this; often it merely boils down to a bunch of notices posted on a web page that you probably didn’t even know existed.

Similarly it’s perhaps unrealistic to expect ISPs to spot every nefarious threat produced by online criminals (not least as they may not even know about them unless subscribers report it) and in any case the ultimate responsibility will always rest with the customer.

A BT Spokesperson said:

“Our advice is that customers should never share their BT account number with anyone and should always shred bills. Be wary of calls or emails you’re not expecting. Even if someone quotes your BT account number, you shouldn’t trust them with your personal information.”

Meanwhile Microsoft claims that many of the fraudulent call centres that get used in these scams have apparently been tracked back to India and the software giant is now working with local law enforcement in order to tackle them. TalkTalk have also had some problems with a tiny number of their Indian call centre staff (here), but such fraudsters can exist all over the world.