Tech Support Scammers Attempt to Extort Users After Abusing Ad Provider Taboola

Native advertising and content provider Taboola was abused by tech support scammers who used malicious advertising, known as malvertising, to extort money from site visitors. In a recent campaign, threat actors inserted a malvertisement, promoted by Taboola, as a native advertisement on a popular web page. When clicked, that malicious ad redirected users to a tech support scam page that displayed a pop-up warning claiming the victim’s computer had crashed and encouraged him or her to call the phone number provided for assistance. The warning contained code that continuously reloaded the page and prevented it from being closed to try and spur the victim to call the number. If the call is made, the threat actors behind the campaign will attempt to extort money from the victim. The NJCCIC recommends users review the Malwarebytes article on this threat and remain cautious when clicking on any advertisements or promoted articles, even if they are displayed on reputable websites. Additionally, refrain from calling any phone number that appears on pop-ups, consider installing reputable ad-blocking and/or script-blocking extensions in web browsers, and ensure browsers are kept up-to-date. The NJCCIC would like to remind all users that companies such as Microsoft will never contact them if there is an infection on their computers.

AlertNJCCICScam, Taboola, Campaign