People Facing Printer Problems Scammed via Fake Driver Downloads

### #PrinterScams #TechSupportFraud #MaliciousAds

Summary: Scammers exploit frustrated printer users by creating fraudulent ads that lead to fake support websites, tricking victims into downloading non-functional drivers and potentially compromising their personal information. This blog post outlines the mechanics of these scams and offers advice on how to avoid falling victim.

Threat Actor: Tech Support Scammers | Tech Support Scammers
Victim: Printer Users | Printer Users

Key Point :

  • Scammers use malicious Google ads to lure users seeking printer help, often impersonating trusted brands like HP and Canon.
  • Victims are directed to fake sites that claim to install printer drivers but only display error messages, leading to frustration and confusion.
  • Scammers often request remote access to victims’ computers, enabling them to steal personal information or lock the machine for extortion.
  • Using browser extensions like Malwarebytes Browser Guard can help block these malicious ads and protect users from scams.
  • For legitimate printer issues, seeking help from official support channels or trusted online forums is recommended.

Anyone who has ever used a printer likely has had a frustrating experience at some point. There always seems to be some kind of issue with the software not responding, paper getting jammed or one of many other possible failures.

When people need help, they often turn to Google (and now AI) to look for an answer. This is where scammers come in, preying on unsuspecting and irate users ready to throw their printer out the window.

After clicking on a malicious Google ad, victims are redirected to a fraudulent site often using official brand names and logos. The crooks’ end goal is to get people to call them, and they achieve that by tricking them with fake printer drivers that always fail to install.

In this blog post, we review how this scam works and how to stay away from it.

Malicious Search Ads

Two of the most popular printer brands are HP and Canon. If you were to Google for help related to either of those brands right now, you would likely see sponsored results at the top of the search results page.

Unfortunately, in the majority of cases these ads are not from trusted providers but instead from tech support scammers. In the image below, you can see 4 ads shown for the query ‘hp printer help‘. It’s only after those that the official HP website appears.

If you were to say that consumers stand no chance, you’d be right. Unless you clicked on the official (organic search results), you’d end up getting scammed.

The list of sites includes:

megadrive[.]solutions
geeksprosoftwareprints[.]org
select-easy123print[.]com
printcaretech[.]com

The software driver scam

A driver is a software program that your computer uses to talk to physical hardware (i.e. your printer). In the early Microsoft Windows days, drivers were very important to get printers, monitors and other peripherals working. Today, the operating system is usually good at detecting new hardware and installing the required drivers automatically. There are some exceptions, not to mention that some manufacturers like to package additional software with their drivers.

After clicking on a malicious ad, the website instructs you to enter your printer’s model number in order to download the required driver, which it proceeds to “install”. This is entirely fake, and the only thing the website displays is a recorded animation that will always end up with the same error message.

This type of error is very similar to those seen in the “Microsoft tech support scam”, typically done via a browser hijack. Scammers want to scare and then get their victims to contact them directly, via phone or live chat.

Remote access and extortion

There are many people that fall for these types of scams and entire armies of tech support agents working in poor conditions ready to defraud them. The script is usually standard across scams, with the support agent impersonating a popular brand and requesting personal information from the victim.

It is quite common for scammers to request and be granted remote access to the user’s computer. This gives them leverage to do a number of things, such as stealing data, locking the machine or even using it to log into the victim’s bank account.

This is why it is so important to be extremely cautious with online search ads, and search results in general. Browser extensions such as Malwarebytes Browser Guard will block ads but also the scam or malware sites associated with these schemes.

This won’t help with your printer issues, but at least it’ll save you the trouble of being defrauded. When it comes to such questions, online forums are usually a good place to start, and if you’re lucky to count a computer person in your family, that’s always a good favor to ask for.

Source: https://www.malwarebytes.com/blog/scams/2024/11/printer-problems-beware-the-bogus-help