Jun 23 2016

ISP Phishing Scam

The BBC is reporting cyber criminals are targeting users with a fake pop-up window designed to look like a legitimate message from the user’s ISP. The message states there is malware on the user’s system and please call the toll free number provided. It’s a scam. But as phishing campaigns go this one is particularly nasty. Criminals are using the credibility of real ISPs to attack consumers.


The attacks so far have occurred in the US, Canada, and Great Britain. However the method the cyber criminals are using to gain user ISP information is very sophisticated. Here’s how they do it:

Cyber criminals are buying ad space on big ad networks. The ads are infected with malware on a single pixel. The malware can infect users from the background while they browse a legitimate site – users do not need to click on the infected ad! The malware redirects users to a background website, unseen by the user, which checks their IP address. From the IP address hackers can determine a user’s ISP. A pop-up specifically designed to appear from the user’s ISP is inserted into the browsing window with a toll-free number to call. Acting as “representative of the ISP,  hackers then gather personal information from the victim.

In addition, cyber criminals are cold calling victims. They purchase toll-free numbers and pretend to be help desk support from the victim’s ISP. Again, personal information such as date of birth, social security number, credit card information is gathered from the unsuspecting victim. These kinds of attacks tend to target older and less technically aware users, but even the technically savvy can be fooled by the pop-up window phishing scam! “It caught me by surprise and I almost thought that it was real”, said Jerome Segura, a security consultant at Malwarebytes.

In both cases cyber criminals will either steal the user’s credit card information or persuade the user to download malware and, under a different guise extort money to then remove the virus at a future time. The BBC estimates US victims alone will pay out $1.5 Billion to scammers.  

Users can protect themselves following a few simple tactics:

  • Check the address bar to make sure the sender is legitimate
    • Verify the source of email, pop-up or phone call
  • Contact the IT or Security staff if anything seems suspicious

Think to yourself. “Does it make sense to receive this type of message or request?” If you are not part of the IT team does it make sense you are receiving a message from the company’s ISP? If not, there’s a chance it’s something malicious.

Companies need to educate and train their staff about security and cyber hygiene – protecting themselves through the vigilance of well trained, security conscious employees. Spending thousands of dollars on infrastructure upgrades and security becomes meaningless with one unaware click on a suspicious pop-up that triggers a breach.  It’s imperative for companies to understand their vulnerabilities through risk and compromise assessments to better protect themselves.

If you are interested in learning more about spear phishing, cyber crimes, cybersecurity and how to create a resilient business, please contact us at: contact@layer8cybersecurity.com