A major typosquatting campaign was discovered abusing Amazon AWS, a cloud-based platform, to draw people into tech support scams.
Malwarebytes researchers discovered a “large typosquatting campaign” that began about a month ago after receiving a tip from a computer technician working at a local store.
The campaign is also quite dangerous, as victims are not only “charged” for the “tech support” service they receive, but the scammers often end up accessing victims’ bank accounts and draining them later.
Forging a security issue
Typosquatting is a popular technique among cybercriminals, and it relies on people mistyping a web address, either out of ignorance or by accident. If a person mistypes the address of the website they want to visit, they would usually see a message saying that the website does not exist. However, some criminals obtain these mistyped domains and use them to create malicious landing pages hosted on AWS.
In this case, unknown actors obtained a Wells Fargo-like domain, wellsfargo[.]cm (instead of .com). People visiting this website will receive a pop-up message stating that their endpoint has multiple viruses and threats, that it is “locked” for security reasons, and that they should call customer service at the phone number on the landing page.
In addition to the risk of talking to scammers on the phone, giving them access to devices and possibly even bank accounts, there is also the risk that scammers know people’s phone numbers, which can later be used in identity theft fraud.
The best way to protect yourself against such attacks is to make sure you’re entering addresses correctly and to be suspicious of any security pop-ups that say the device is “locked” and urge the user to take immediate action.
While Malwarebytes claims it’s a serious typosquatting campaign, it listed 10 domains that were recently squatted, including lookalikes of Amazon, DuckDuckGo, Walmart, and Home Depot. We do not know how many people may have been affected by this attack.