The federal law enforcement agency stated that scammers deceive victims into granting them access to their computers via email or phone calls by posing as representatives of technical or computer repair companies.
According to the FBI, scammers typically start by specifying the service to be renewed and include a fee, usually between $300 and $500 USD, causing a sense of urgency for the victims to supply information for a refund.
"In this case, the scammers pretend to help the victim secure a refund by gaining remote access to the victim's computer."
Although tech support scams are nothing new, the FBI said that recently, con artists started employing scripts created to mimic the appearance and feel of refund payment gateways in command prompt windows.
It has been discovered that some of the scripts imitate Chase Bank, JPMorgan Chase's division for consumer and commercial banking. In addition, other batch files used in this tech support campaign have also been uncovered. These batch files allow dynamic customization by changing the output's bank name using Windows environment variables.
However, these scripts aim to gather the targets' personal and financial data (such as full name, bank name, ZIP code, and refund amount) to facilitate unlawful wire transfers of money from the victims' bank accounts.
According to the FBI, "the malware will often launch a command prompt styled to seem like a service interface."
The script also has many pauses that encourage user interaction as they "wait" for a refund or other action to happen, as well as commands to send data to a text file.
Individuals who have been victims of this tech support fraud should report it as soon as possible by submitting a report to the Internet Crime Complaint Center.
The FBI also cautioned potential victims against granting remote access to their computers to unauthorized parties and against sending wire transfers in response to the advice they received from internet or telephone contacts.