
Tech support scammers discover URL redirect to lure victims

Tech support scams often involve malvertising attacks using common exploit kits like Angler EK or Nuclear EK, but scammers can also lure victims through less complex exploits. For example, researchers at Malwarebytes noticed a scam using a malvertising campaign delivered from a few lines of code.

While browsers like Chrome block websites' attempts to use JavaScript to create infinite loops that prevent users from leaving the site, scammers are using redirect techniques to defeat these browser protections. When users attempt to unload the fake error message, the "Leave Page" button triggers a URL redirect.

“That URL points to a subdomain from the original scam page, which in turn repeats the process with another subdomain, in effect creating what looks like a never ending situation,” wrote senior security researcher Jérôme Segura in a Malwarebytes blog post.
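For defenders, the subdomain-to-subdomain loop described above leaves a recognizable trail in web proxy logs. The following detection sketch is an added example, not code from Malwarebytes or SC Media; the log format, the hostnames, and the `find_subdomain_hop_chains` helper are constructed for illustration, and it assumes the proxy records the Referer header.

```python
from urllib.parse import urlsplit

# Constructed proxy log: "<epoch> <client> <requested URL> <referer or ->"
SAMPLE_LOG = """\
1000 10.0.0.5 http://a1.scam-example.test/alert.html http://ads.example.net/slot
1002 10.0.0.5 http://b2.scam-example.test/alert.html http://a1.scam-example.test/alert.html
1003 10.0.0.5 http://c3.scam-example.test/alert.html http://b2.scam-example.test/alert.html
1005 10.0.0.5 http://d4.scam-example.test/alert.html http://c3.scam-example.test/alert.html
1001 10.0.0.9 http://www.shop-example.test/ -
1004 10.0.0.9 http://cdn.shop-example.test/app.js http://www.shop-example.test/
1006 10.0.0.9 http://static.shop-example.test/x.css http://www.shop-example.test/
"""

def host_of(url):
    """Lower-cased hostname of a URL, or "" for "-" and malformed values."""
    return (urlsplit(url).hostname or "").lower()

def parent_domain(host):
    # Assumption: the last two labels approximate the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.split(".")[-2:])

def find_subdomain_hop_chains(log_text, min_hops=3):
    """Return {(client, parent_domain): [hosts]} for chains in which each
    request's referer is the previous sibling subdomain in the chain."""
    rows = sorted((l.split() for l in log_text.splitlines() if l.strip()),
                  key=lambda r: int(r[0]))
    current, flagged = {}, {}
    for _ts, client, url, referer in rows:
        host, ref = host_of(url), host_of(referer)
        key = (client, parent_domain(host))
        sibling = bool(ref) and ref != host and parent_domain(ref) == key[1]
        chain = current.get(key, [])
        if sibling and chain and chain[-1] == ref and host not in chain:
            chain = chain + [host]      # the chain moved to a new subdomain
        elif sibling:
            chain = [ref, host]         # first observed hop of a new chain
        else:
            chain = [host]              # arrived from elsewhere: reset
        current[key] = chain
        if len(chain) - 1 >= min_hops:
            flagged[key] = chain
    return flagged

if __name__ == "__main__":
    for (client, parent), hosts in find_subdomain_hop_chains(SAMPLE_LOG).items():
        print(f"{client} {parent}: {len(hosts) - 1} hops via {' -> '.join(hosts)}")
```

Ordinary sites that pull assets from several subdomains are not flagged, because those requests all share the same referring page instead of forming a chain.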

Tech support scammers have also launched campaigns using Google AdWords and links from fake Facebook accounts to direct targets to tech support scam websites.
