Skip to main content

Call Us Today 301-791-7910

Bowers Blog

Free Antivirus Coupon Leads to Tech Support Scam

Scammers have found a new clever ruse to trick you into calling for assistance, and ultimately getting scammed.

 

The scheme is that users are redirected to this coupon page via a malvertising campaign:

 

 

 

It plays on special offers, discounts and time-limited deals to entice you to claim your product now, choosing between Norton or McAfee. After filling in your personal details (which are actually sent off to the crooks), a page simulates the offer being processed only to fail with an error message. Victims are misled into thinking that their offer was redeemed, but that they must perform a final call to get it completed.

 

This is where the tech support scam comes in. Once you call that number, you are routed to an Indian boiler room where one of many agents will take remote control of your computer to figure out what went wrong. (Un)shockingly, the bogus technician will identify severe problems that need an immediate fix.

 

 

 

Despite the scam being about Norton, the technician brushes it off as useless when it comes to the real deal: “Junk is a kind of virus which is the most harmful virus.” With his technical expertise, he proceeds to highly recommend the most expensive plan, for a lifetime low price of $400.

 

Of course, there is nothing there, it’s a pure rip-off where once they have your money, they couldn’t care less about helping you out (for a problem you didn’t have in the first place anyway).

 

The crooks are using 123care.co as the placeholder to download remote software and host the payment platform:

 

There are other scam domains also hosted on this IP (166.62.1.15):

instantpccare.com

quickbooks-certified.com

quickbooksphonenumbers.com

ip-166-62-1-15.ip.secureserver.net

trckx.xyz

carerequired.xyz

stop-security.xyz

cyber-alert-usa.xyz

stopsecuritycheck.xyz

before-you-proceed.xyz

certifiedsupport.info

pccare.site

onlinetechhelp.site

onlinetechsupport.site

cyber-alert-usa.online

call-855-345-0911.online

airlinescustomer.support

 

Instantpccare.com is familiar and related to a previous investigation where the owner of that tech support company incriminated himself by posting a comment on our blog which shared the same IP address as the remote technician who had just scammed us.

 

As always, please stay vigilant online when you see free coupons or other similar offers. They often are the gateway to a whole of trouble.

 

Post originally by: Malwarebytes Labs

Ready for an Instant Auto Quote that meets your needs? Let's Get Started