When it comes to passwords, LastPass knows a thing or two, as you would expect from a company that has built a reputation for developing a leading password manager application. So, when it issues a warning about a major hacking campaign that uses fake Chrome Web Store reviews, posted en masse, to direct victims to a phone support center where they will be encouraged to hand over their credentials, you had better take it seriously. When the same hacking campaign has been found to be targeting users of brands including Amazon, Facebook, Netflix and PayPal, the warning becomes even more critical.
Password Hackers Build A Wall Of Fake Trust Using Chrome Web Store Reviews
The LastPass warning, published Oct. 30, was the first to make users of the password manager’s Chrome extension aware that an ongoing password hacking campaign was underway. The threat actors were, it appeared, using fake reviews submitted in bulk to the LastPass Chrome web store app page in order to leverage trust in a completely malicious so-called support center.
Anyone calling the fake support number, at a time when they are vulnerable because they are obviously seeking help for a problem they cannot solve themselves, will be asked about the product they are having issues with and ultimately directed to a site where their credentials can be exposed and stolen.
The use of faked support calls is not new, and seems to be an increasingly popular method amongst the cybercriminal fraternity when it comes to password-harvesting hacking campaigns. Just this last month I reported how one threat actor was using sophisticated AI-generated deepfakes to pursue such a support call scam against Gmail account holders. However, rather than calling users out of the blue, this latest campaign adds a layer of trust into the scam equation because it is the victim who is initiating the conversation.
Password Hacking Campaign Extends Way Beyond LastPass Users
An investigation by Bleeping Computer has found that the password hacking scam reviews campaign extended its reach far beyond just users of the LastPass Chrome extension. The telephone number, which I am not repeating here but can be found at Bleeping Computer, is also being promoted as a support center contact for a vast number of well-known online brands. These include Amazon, Adobe, Facebook, Hulu, YouTube TV, Peacock TV, Verizon, Netflix, Roku, PayPal, Squarespace, Grammarly, iCloud, Ticketmaster and Capital One, according to the Bleeping Computer investigation.
Messages in genuine support forums and subreddits, such as the one claiming to provide details for PayPal customer service, have appeared in large numbers. Although site owners and administrators are removing them as quickly as possible, new ones take their place. Users of any online service who do find themselves in need of support are advised to visit the homepage of the company concerned and follow its links to the help pages from there. Under no circumstances should you call a random number without first checking it against the official service website. Remember that no genuine support center would ask for your full password over the phone or online.
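The pattern the article describes, one "support" phone number pushed in bulk across reviews and forum posts for many unrelated brands, is something a moderator or trust-and-safety team can detect before users ever dial it. The following Python script is an added example, not code from the article, LastPass or Bleeping Computer: it pulls phone numbers out of posts that use support-style wording, normalizes them, and flags any number that turns up across several distinct venues. The sample posts, venue names and 555-01xx phone numbers are constructed for the example and are not the real campaign's data.

```python
import re
from collections import defaultdict

# Constructed sample reviews and forum posts (not real data). The phone
# numbers use the reserved 555-01xx range. One number is promoted across
# several brands' pages, mimicking the campaign described in the article;
# another appears only once, in what looks like a legitimate post.
SAMPLE_POSTS = [
    {"venue": "chrome-web-store/lastpass",
     "text": "Great extension. If it stops syncing, call LastPass support at 1-800-555-0100."},
    {"venue": "chrome-web-store/lastpass",
     "text": "Five stars. Customer service helped me fast: (800) 555-0100."},
    {"venue": "reddit/r/paypal",
     "text": "PayPal customer service number is 800.555.0100, they fixed my limitation."},
    {"venue": "forum/netflix",
     "text": "Netflix support helpline +1 800 555 0100 sorted out my billing issue."},
    {"venue": "forum/acme",
     "text": "Acme's official support line is (800) 555-0150, listed on their site."},
    {"venue": "chrome-web-store/lastpass",
     "text": "Works fine on Chrome, no complaints."},
    {"venue": "reddit/r/paypal",
     "text": "Order reference 123-456-7890 still pending, anyone else?"},
]

# North American number shapes: optional +1/1 prefix, optional parentheses,
# separators of space, dot or dash. Good enough for a first-pass heuristic.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

# A phone number alone is not suspicious; a phone number sold as the way to
# reach "support" for a product is the signal the article describes.
SUPPORT_WORDS = ("support", "customer service", "helpline", "help desk", "contact")


def normalize_phone(raw: str) -> str:
    """Reduce a matched number to its 10 digits so different spellings cluster."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits


def extract_support_numbers(text: str) -> set[str]:
    """Return normalized numbers from a post that also uses support-style wording."""
    lowered = text.lower()
    if not any(word in lowered for word in SUPPORT_WORDS):
        return set()
    return {normalize_phone(m.group(0)) for m in PHONE_RE.finditer(text)}


def cluster_by_number(posts: list[dict]) -> dict[str, set[str]]:
    """Map each advertised number to the set of venues it was posted in."""
    venues_by_number: dict[str, set[str]] = defaultdict(set)
    for post in posts:
        for number in extract_support_numbers(post["text"]):
            venues_by_number[number].add(post["venue"])
    return dict(venues_by_number)


def flag_campaign_numbers(posts: list[dict], min_venues: int = 2) -> dict[str, set[str]]:
    """Numbers promoted as 'support' across at least min_venues unrelated venues."""
    return {number: venues
            for number, venues in cluster_by_number(posts).items()
            if len(venues) >= min_venues}


if __name__ == "__main__":
    for number, venues in flag_campaign_numbers(SAMPLE_POSTS).items():
        print(f"suspicious support number {number} seen on {len(venues)} venues: "
              f"{', '.join(sorted(venues))}")
```

On the constructed sample the script flags only the number that appears on the LastPass, PayPal and Netflix venues; the single-venue Acme number and the order reference with no support wording are left alone. In a real moderation pipeline the venue list would be the site's own review and forum feeds, and a flagged number is a reason to hold the posts for review and compare the number against the brand's published contact page, not proof on its own.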