Have you heard about this recent Comcast scam that combines several exploits including:
- Malvertisements
  Legitimate looking, but malicious ads served by Google
- Drive-by downloads
  Click the malvertisement and it takes you to a malicious site that attempts to download malware onto your computer
- Ransomware
  Software that takes control of your data and attempts to extort a ransom from you to get it back
- Social engineering
  A pop-up that tells you to call a 1-800 number for technical support, where a criminal is waiting to take your credit card
This is one of the reasons why so many companies value employees that have a basic understanding of security. Even when Security+ isn’t a job requirement, it often adds enough value to your resume to get you a job interview.
I heard about this Comcast scam through KnowBe4. Here’s a cut and paste from their blog post.
More and more, legit-looking advertising served on major websites turns out to be malicious. Bad guys pay for and post ads that they hope you will click on. But if you click on those ads, you get redirected to a compromised website. That malicious site might infect your computer with ransomware, and/or display popups that claim your PC has a virus and tell you to dial a toll-free number. If you call that number it will be answered by scammers who claim they are Microsoft but will try to charge your credit card to fix your computer. What to do? You need to stay vigilant at all times and “Think Before You Click”:
- Don’t click on links in emails but go to the website you want to visit using your browser.
- Do not click on display ads on websites but go to the website you want to visit using your browser.
- If you get popups that claim your computer has a virus and you need to dial a toll-free number, close your browser, and if this happens in the office, call the IT helpdesk.
In the office, IT will update your computer with the latest versions of software, but at the house you also need to update your applications to their latest versions. If you don’t do that, and you wind up on a compromised website, it will try to install malware on your computer. Remember, both in the office and at the house, you need to “Think Before You Click”.
Unfortunately, this isn’t just a Comcast scam. You can expect criminals to repurpose this attack for other Internet service providers soon.
Knowledge thwarts these attacks. The blog post encourages people to copy and paste the information and send it to family, friends, and employees. You can also just send them this link: https://blogs.getcertifiedgetahead.com/comcast-scam/.