XSS Vulnerability Exploited in Tech Support Scam (October 2020)
Malwarebytes security researchers have identified a new campaign in which tech support scammers are exploiting a cross-site scripting vulnerability and are relying exclusively on links posted on Facebook to reach potential victims.
This, they say, suggests that the tech support scammers were regularly changing these links to avoid blacklisting.
Ly URLs would trigger a second stage redirection where a Peruvian news website containing a cross-site scripting vulnerability is abused for an open redirect.
"Besides redirecting users to other sites, an attacker could exploit the XSS to rewrite the current page into anything they like," Malwarebytes notes.
The researchers say they did not call any of the numbers, but the next step of the tech support scam is well known: the victim is told their computer has been infected and is urged to immediately purchase expensive software or services to clean up their system.