Threat Management, Threat Management

Scammers impersonate legit cyber-security companies

Malwarebytes has uncovered its doppelganger. Or at least, that's what the doppelganger would have you believe.

Researchers from the California-based cyber-security firm discovered a site masquerading as its own.

his was all down to group called Tech Kangaroos, a syndicate that appears to be making money by impersonating legitimate IT security companies, luring unwitting customers and then charging exorbitant rates to do absolutely nothing.

The thieves  had stolen the images from legitimate websites to set up their own versions which, notwithstanding the large 1-800-277-6232 number and the boilerplate text that appeared on every cloned webpage, looked similar to the originals.

Jérôme Segura, senior security researcher at Malwarebytes, told SCMagazineUK.com that this scam was  uncovered  merely by using a search engine, the same way a prospective victim might.

“These scams are particularly effective because they have a 'phishing' element to them. People looking for the legitimate brands will inadvertently come across those fake sites and be lured into talking with tech support agents, who are essentially trained con artists”, said Segura

He added, “Unfortunately it is not the first instance (nor will it be the last) of this kind of scam. However, we are actively going after crooks who leverage our brand and reputation to con innocent people.”

Such clone-sites were found impersonating the great and good of the cyber-security world including not just Malwarebytes but Symantec/Norton, Kaspersky, ESET and others. While Kaspersky declined to comment, a spokesperson from Symantec/Norton told SC, “These types of scams are a significant problem, as the individuals behind them need little more than a website and phone number to pull them off, tricking consumers into giving away banking information, passwords, or even money. Unfortunately, like most established, consumer-facing companies, we see these kinds of organizations try to profit off our name by impersonating our brand.”

Symantec further added that the company has been working “to educate users for years against such scams, whether they involve our brand or not”.

Once a user had been lured in, perhaps with one of the group's search engine advertisements, the Kangaroos take remote control of the computer, ‘fix' the problem and then charge them a hefty fee. Malwarebytes researchers said they were presented with a bill for $1000 (£600).

Furthermore, when the researchers pressed the mysterious ‘technician' on who he worked for, the researchers claim that the technician tried to force a reboot, “in an effort to damage our computer”.

Malwarebytes isn't alone in this experience. Others unlucky enough to enlist the ‘services' of this company have noted  similar treatment. Some report thousands of dollars exiting their account with prompting, others that they had been defrauded by paying for services which they never got.

Malwarebytes claims to have traced the imposter company back to a call centre in New Delhi. A quick ‘whois' search led researchers to an individual called Moksh Popli, the managing director of a company called Instant PC Care. Popli did not respond to request for comment by SC.

However, he did comment several times on the page that disclosed the Tech Kangaroos scam, claiming that his company is merely a third party and that his accusers at Malwarebytes were the ones being dishonest.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.