Most people are aware of tech support scams or know someone who has fallen victim to them. You may go onto a website and be hit with a message saying there is an issue with your computer, the message will also offer a number to call to help you sort out the problem. Only, the problem doesn’t exist. The people behind the scam pretend to be from the technical support department of well-known companies, often Microsoft. The scammer will normally tell you that there is a virus or malware on your computer and that for a fee, they can remove it.
These scams used to be very successful in the early days of the internet, when people weren’t so savvy, and when antivirus wouldn’t detect and block the scam as it does now. Attackers have now evolved their techniques by obfuscating the scripts to avoid detection. There are several technical ways to do this including AES encryption, Base64 encoding, or creating custom obfuscation routines. This allows the scams to bypass security software and be seen by users.
This evolution of the TSS scam is unlikely to affect most internet users. By now most people know to ignore popups or alerts in their browser asking them to download something. But people who aren’t confident with browsers, and who aren’t very tech savvy are still likely to fall victim to the scam.