» ISP News » 

Scam Alert – UK Broadband ISP Users Targeted by Fake Support Pop-ups

Wednesday, June 22nd, 2016 (9:04 am) - Score 17,709

Customers of BT, TalkTalk, PlusNet and Sky Broadband in the United Kingdom (others may also be affected) are all being warned to keep an eye out for fake pop-up support messages that claim to come from your ISP (phishing), which due to a simple exploit can appear on even legitimate websites.

Some ISPs do very rarely interrupt your browsing session with a legitimate pop-up message, such as to inform customers about new Parental Controls that may need adjustment. But such methods can confuse consumers and don’t always work due to ad blockers or other device limits, which is one reason why they’re not a common approach.

In the past a number of website based phishing scams (i.e. the act of trying to steal your personal data or access your system by masquerading as a trustworthy entity) have separately attempted to use pop-up messages to fool end-users by falsely presenting themselves as official anti-virus scanners or claiming to be from your bank etc. It’s similar to when a cold caller phones your home and claims to be from your ISP, usually with a warning about viruses on your computer that need “immediate attention“.

Sometimes fraudsters get lucky and a user falls for the scam, which is always much more likely to happen if the pop-up looks as if it’s from a service that you actually use and this is one reason why big ISPs in the UK and other countries are increasingly being targeted. Most ISPs can be identified via a simple check of the user’s public Internet Protocol (IP) address (unless using a VPN or Proxy).

The latest approach similarly targets subscribers with a pop-up message that warns of “malware” (malicious software) on your computer and then advises that you call a support number for assistance, which obviously you should never do (they’ll probably use it to steal your personal data, charge an excessive call fee and or ask you to install software that compromises your computer). The BBC explains the latest process below.

How the Scam it Works

* Big advertising networks allow users to win ad space on websites by bidding at a particular price.

* Criminals are taking advantage of this to place adverts which are infected with a single “bad” pixel.

* This pixel can redirect users and infect them in the background when they are browsing on a perfectly legitimate site – they do not even need to click on the ad.

* The malware in the ad redirects users to a website in the background – invisible to the user – which checks their computer and discovers their IP address.

* From the IP address it is easy to find out which ISP owns which IP address.

* Victims will be served a pop-up tailored for their specific ISP which warns them their computer is infected and gives them a number to call.

Fraudsters are constantly trying new methods of social engineering to make their scams more effective and most ISPs do claim to put proactive effort into warning their customers about such abuses, but most subscribers rarely see the output from this; often it merely boils down to a bunch of notices posted on a web page that you probably didn’t even know existed.

Similarly it’s perhaps unrealistic to expect ISPs to spot every nefarious threat produced by online criminals (not least as they may not even know about them unless subscribers report it) and in any case the ultimate responsibility will always rest with the customer.

A BT Spokesperson said:

“Our advice is that customers should never share their BT account number with anyone and should always shred bills. Be wary of calls or emails you’re not expecting. Even if someone quotes your BT account number, you shouldn’t trust them with your personal information.”

Meanwhile Microsoft claims that many of the fraudulent call centres that get used in these scams have apparently been tracked back to India and the software giant is now working with local law enforcement in order to tackle them. TalkTalk have also had some problems with a tiny number of their Indian call centre staff (here), but such fraudsters can exist all over the world.

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
4 Responses
  1. Avatar Con Bradley

    There s a scam that’s been around for months where someone phones claiming to be from BT and to support this they give you your correct BT customer number. The question that BT seem reluctant to address is how did the scammers get a set of correct BT customer account numbers. I have to assume that this was from some BT data breach that BT haven’t disclosed.

    • Basic personal details and account numbers can also be exposed when people throw away important letters without shredding them properly or have their computers hacked by a virus etc.

      The sheer volume of complaints usually gives you some clue as to whether something more widespread and specific has occurred, such as in TalkTalk’s case.

  2. Avatar DTMark

    I’ve seen this type of exploit before and it’s about time that ad networks started taking this seriously by actually vetting the content that is being served on their network.

    That said, in the event of a compromise, I’d imagine that the webmaster of the site that the user visited which served the ad is the one liable for any damages resulting in users’ machines being compromised in any way. On the two occasions I have reported this to the websites in question, no action was taken.

    While it won’t catch me out, it might well catch e.g. members of my family, and in “AK style” I wouldn’t hesitate to “go after” the site owners in question who have a duty of care regarding what is served to their users and most especially to put these things right when pointed at what is going on.

    The exploit works especially well on an iPhone since the pop-up fills all the available screen space and in order to get rid of it you need to exit the browser, double tap the home button, then swipe upwards to close the browser session completely. Apple could do with putting in some blocking software that stops this.

    • Probably because the website can’t do much about it as the adverts are rotated and managed automatically by the network on a remote server. Sometimes you can black list a specific advert or maybe stop the website talking to a server that’s been exploited, but only if you have enough identifiable data from the end user to take meaningful action.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £19.95 (*22.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: Promo Code: HYPER20
  • SSE £22.00
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited
    Gift: None
  • TalkTalk £22.95 (*29.95)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • Plusnet £22.99 (*35.98)
    Avg. Speed 36Mbps, Unlimited
    Gift: £75 Reward Card
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2737)
  2. FTTP (2656)
  3. FTTC (1765)
  4. Building Digital UK (1719)
  5. Politics (1628)
  6. Openreach (1587)
  7. Business (1400)
  8. FTTH (1329)
  9. Statistics (1217)
  10. Mobile Broadband (1193)
  11. Fibre Optic (1047)
  12. 4G (1025)
  13. Wireless Internet (1009)
  14. Ofcom Regulation (1002)
  15. Virgin Media (987)
  16. EE (677)
  17. Sky Broadband (661)
  18. TalkTalk (651)
  19. Vodafone (649)
  20. 5G (485)
Helpful ISP Guides and Tips

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact