By browsing without my ad blocker on some less-reputable website, I got this popup that simulates a blue screen and asks me to call some number to get assistance fixing a security issue (recent capture from a VM; the text changed a bit recently):
My first reaction was "LOL, nice try, I'll just close this". But then I remembered I could have some fun by creating a VM and letting them "fix it".
So I set up a VM and call the number. I start explaining how I was browsing the web when I got this message. They say "not a problem", and ask me to press Windows+R and go to www.teamviewer.com and start a remote session.
When they're already in my VM, they connect me to the Microsoft server using ping www.microsoft.com (LOL):
After that, they run some directory scan:
OMFG "network has been hacked", "virus detected", what will happen to my PC now?
Don't worry, Windows Alerts got yo' back:
For a very reasonable price, just US$ 199,99, I can have lots of stuff like "security software new" and a 1 year "warrenty" :D
If instead of visiting that link, you visit matchmakerwin.biz, you'll see they're Microsoft Certified Professionals, totally legit, and you even get another toll-free number to call in case the other one doesn't work. How nice!
I mean, they got a sticker, it's gotta be legit, right? :D
Jokes aside. I've sent the link to several security vendors, but on VirusTotal, only Bitdefender is detecting it, and F-Secure, although not on VirusTotal, replied saying they'd add it to the database.
It's been 3 days since I messed with them in the VM; you'd expect a lot of vendors to have blacklisted that site by now.
Also, to my surprise, they don't seem to be interested in personal info. I called them several times and they ignored that I had a folder on my VM desktop saying "work docs", with a blank text file called "login data.txt". They just want your money.
Take care and don't trust your antivirus/antiphishing/anticyberterrorism, trust yourself!
Edited by ransomwolf, 13 August 2015 - 12:18 PM.