Fraudsters impersonating your Internet Service Provider are sending urgent malware warnings that urge you to call straight away to “resolve” malicious spyware on your computer. If you follow through on that request, they will maliciously resolve to remove money from your bank account.

“Malvertising” has become a multi-million dollar industry, and nothing is more profitable than claiming to remove malware from your personal computer that isn’t there in the first place. A review of your spam folder or voicemail messages may show a number of messages and calls claiming to come from Microsoft or your Internet Service Provider informing you they have supposedly discovered illegitimate software running on your computer that needs to be removed urgently.

These schemes have become very sophisticated, with warning warnings appearing in your web browser (as an embedded, pop-up or pop-under message) that identifies your general location and ISP as part of the malware alert. To enhance credibility, these messages include your ISPs logo and a professional-sounding audio message that warns your credit cards, passwords, and personal information are at risk.

Malwarebytes Labs, a legitimate fighter of all-things-malware, recently investigated these warning messages and dialed the toll-free number to see what would happen next.

[Our call was] handled by a tech support company out of India that goes by the name of Credence Incorporation and operates a website at: support-samurai.com.

As always, the technician that took remote control of our machine found many “infected files”, using outrageous (for anyone tech savvy) tricks:

Many people won’t know the difference, but the above command is by no means a way to scan a system for malware. Sadly, this sales pitch will still prove effective and those crooks will be able to extort several hundred dollars for non-existent computer problems.

At the time of writing this blog, we noticed that all the fraudulent websites had been shutdown. They had been registered under disguise with the following identity:

Registrant Name: Elizabeth Gonzalez
Registrant Organization: Sky-IP
Registrant Street: Addison House Plaza, street 57
Registrant City: Panama

The scam relies on your IP address to show your ISP and general geographic location. After calling, they’ll take your credit card number and bill up to several hundred dollars deleting non-existent malware while getting your permission to take remote control of your computer. Non-tech savvy users will probably never suspect a thing.

In addition to using a legitimate anti-virus program, it doesn’t hurt to have a second malware detector working for you. We found a promotion today for Malwarebytes Premium (1 year subscription for up to three computers), through Newegg.com for $12.00 (free shipping) using promo code: EMCEHGF27 

(Stop the Cap! does not receive any commission or any other benefits from Malwarebytes or Newegg. It was simply the cheapest price we could find for the software and is subject to expire after today.)