Published: June 17, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
New owners of Amazon’s popular virtual assistant, Alexa, have been targeted by a widespread tech support scam. Alexa was developed to listen and respond to voice commands for its Amazon Echo and Echo Dot line of devices and is found in “smart homes” worldwide. The company recently discovered the setup for their virtual helper was being used as a lure in a financial fraud scheme.
Amazon has not yet said how many customers have been taken by the scam. But they do say the deception starts by downloading infected Alexis setup apps from Google Play Store. They also say it ends with Alexa and Echo customers paying for technical support that doesn’t exist. The company wants the public to know their setup support is always free and the infected apps have been removed from Google Play. However, it’s a little too late for those already caught in the scam who paid for the fraudulent tech support.
This is how it works: Users receive a pop-up window on their device alerting them to a problem with the virtual assistants and are given a phone number to call for help. From there, a fake tech support worker takes remote control of the user’s computer. The new Alexa device owners were told there were technical issues with setting-up the assistants. The plan also included fake Alexa setup support websites created to bolster their deceptive scheme. The scammers also demanded a $150 payment for a non-existent protection package that would “fix the problem.”
Amazon reports they discovered the fraud was perpetrated by two very questionable tech support companies. Both Robojap Technologies of Covington, Washington and Quatic Software Solutions in Punjab, India were the source of the scam. Robojap, believed to be behind Quatic, has a D+ rating from the Better Business Bureau (BBB). Despite their sketchy backgrounds, each company successfully placed infected Alexa support mobile apps for download on Google Play.
Tech support scams are nothing new to cybercrime, and all users should be aware of how deceptive they can be. Although Amazon says Google Play Store has removed the infected apps, they also remind the public they never charge a fee for technical help. Reading app reviews before downloading is always recommended and checking with the BBB can alert potential customers to a company’s dicey reputation before it’s too late.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org