The latest method of infecting computers is surprisingly old-fashioned: it uses the telephone
Online researchers have documented a new malware campaign dubbed "BazarCall". One of the main "payloads" of this malware is the BazarLoader remote access Trojan, which can be used to give hackers full control of a PC and install further malware.
The attack begins with an email informing you that the free trial of the medical service you supposedly signed up for will soon end, and that your credit card will be charged $90 per month, or some other ridiculous fee, in a few days.
According to The Record and Bleeping Computer, the subject lines include "Thank you for your free trial" and "Would you like to extend your free period?"
A security researcher who goes by "Execute Malware" has documented BazarCall's campaign; a list of possible subject lines can be found here. Naturally, you wonder what the heck this email is about, but you certainly don't want to pay for something you never agreed to. Fortunately, the message includes a phone number to call to cancel your subscription, and a subscriber ID number you can quote.
You hesitate. You've heard of, or seen, phishing emails that direct you to a site that asks for your password, or that try to install something on your computer if you click on a link.
But this email has no link. It seems safe. Besides, what harm can come from calling a phone number?
So you call the number. You are put on hold. You wait a few minutes. Then a friendly call center operator (he or she sounds suspiciously like someone from a tech support scam) comes on the line and listens to your questions about the e-mail.
The operator asks for the subscriber ID listed in the e-mail.
Here's the important part. The subscriber ID matters because it lets the scammer know who you are.
"They can identify the company you received that e-mail from when you gave them a valid customer [ID] number over the phone," Binary Defense security expert Randy Pargman told Bleeping Computer. "But if you give them the wrong number, they just say they canceled your order and it's all good, without sending you to a website."
Below is a YouTube video explaining the entire process. The interaction with the call center operator begins at approximately 2:45.
Anyway, the customer service rep puts you on hold for a bit to verify your subscriber ID, then comes back to tell you who signed up for this subscription and provided a credit card. There must be some mistake.
The friendly customer support representative tells you that, since this is about medical services, you need to fill out some forms online to cancel your subscription. He sends you to a professional-looking website where you can continue the cancellation process.
There are at least five possible websites, also listed here. All of the ones we looked at looked the same, but someone went to great lengths to make each site look decent. The websites include FAQs, privacy statements, terms of use, and even contact information, including the address of an office tower in Los Angeles and a phone number in Southern California.
We called several of the listed phone numbers, but were unable to reach anyone. We also found that all five websites we visited had domains registered last week, with the same alias and the same Russian e-mail address.
Back on the customer support call, the representative directed us to the site's registration page, where we clicked on "unsubscribe". However, the unsubscribe box does not ask for your name or email address. Instead, it asks again for the subscription ID number listed in the initial notification email you received.
After clicking Submit on the Unsubscribe dialog box, the browser asks for permission to download a Microsoft Excel spreadsheet or Word document. The customer support representative says that, in order to cancel your subscription, you must download and open this document and digitally "sign" it.
Now, because Microsoft Office files downloaded from the Internet are so dangerous, Windows itself "sandboxes" them so that macros (small mini-programs) cannot run without permission.
However, the customer support representative you are dealing with on the phone insists that you click on the yellow bar at the top of this Excel or Word file to enable the macro, so that you can "sign" the document.
And that is the kiss of death. As soon as the macro is enabled, the Office file installs malware called a "dropper".
In this case, the malware could be the aforementioned BazarLoader or the even scarier TrickBot. Once this malware is running on your machine, the bad guys behind it can install coin miners, botnet software, or even ransomware on your device.
If your machine is part of a corporate network, the malware can quickly spread throughout the enterprise.
But you are unaware of this. All you know is that you are filling out a form to cancel an unwanted and quite expensive subscription. When you finish filling out the form, the call center operator tells you that your cancellation was successful.
How can you avoid becoming a victim of this scam? First, make sure you have the best anti-virus software installed on your machine. Second, be very wary of tactics such as being told to download Office files and enable macros. This is often a recipe for disaster.
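The "yellow bar" in the story is Office refusing to run macros in a file that carries the Mark of the Web. A defender triaging a suspicious download (at a mail gateway, a proxy, or on an incident-response workstation) wants to know whether the file even contains a VBA project before a user is talked into enabling it. The script below is an added example written for this article, not code from the original article or from any of the researchers it cites. It inspects an Office file's bytes: modern Office files (.docm, .xlsm, and so on) are ZIP archives whose `[Content_Types].xml` declares an embedded macro project with the content type `application/vnd.ms-office.vbaProject` and ships it as a `vbaProject.bin` part; legacy binary .doc/.xls files (OLE2 container, `D0 CF 11 E0` header) can hold macros without any ZIP structure and are flagged separately. The sample archives it builds are constructed in memory for demonstration and contain no real macro code.

```python
import io
import zipfile
from typing import Dict, List

# Content type that OOXML uses to declare an embedded VBA project.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Magic bytes of the legacy OLE2 compound file format (.doc, .xls, vbaProject.bin).
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def inspect_office_file(data: bytes) -> Dict[str, object]:
    """Report whether a downloaded Office file carries a VBA macro project.

    Returns a dict with:
      is_ooxml      - True if the file is a ZIP-based (Office 2007+) document
      legacy_binary - True if the file is an OLE2 container (.doc/.xls); these
                      can embed macros, so they deserve the same scrutiny
      has_macros    - True if a vbaProject.bin part or the VBA content type
                      is present in an OOXML archive
      parts         - archive members that look like macro projects
    """
    result: Dict[str, object] = {
        "is_ooxml": False, "legacy_binary": False, "has_macros": False, "parts": [],
    }
    if data.startswith(OLE2_MAGIC):
        result["legacy_binary"] = True
        return result
    if not data.startswith(b"PK"):
        return result  # not a ZIP, so not an OOXML document
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    result["is_ooxml"] = True
    names = archive.namelist()
    macro_parts: List[str] = [n for n in names if n.lower().endswith("vbaproject.bin")]
    content_types = ""
    if "[Content_Types].xml" in names:
        content_types = archive.read("[Content_Types].xml").decode("utf-8", "replace")
    result["parts"] = macro_parts
    result["has_macros"] = bool(macro_parts) or VBA_CONTENT_TYPE in content_types
    return result


def verdict(data: bytes) -> str:
    """Turn the inspection into a simple gateway decision (assumed policy:
    block anything that can carry macros, allow plain OOXML, and send
    everything else to manual review)."""
    info = inspect_office_file(data)
    if info["has_macros"] or info["legacy_binary"]:
        return "block"
    if info["is_ooxml"]:
        return "allow"
    return "review"


def build_sample(with_macros: bool) -> bytes:
    """Build a minimal constructed OOXML-style archive for demonstration.
    The vbaProject.bin part is a stub of OLE2 magic plus padding, not a real
    VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        types_xml = (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="xml" ContentType="application/xml"/>'
        )
        if with_macros:
            types_xml += (
                f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
            )
        types_xml += "</Types>"
        archive.writestr("[Content_Types].xml", types_xml)
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            archive.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("plain .docx", build_sample(False)),
                          ("macro-enabled .docm", build_sample(True))):
        print(label, inspect_office_file(sample), "->", verdict(sample))
```

The check is deliberately structural rather than signature-based: it does not try to decide whether the macro is malicious, only whether the document can run one at all, which is the single fact the phone operator in this story is trying to get the victim to ignore. A legacy binary file is treated as "block" because its macros are not visible without parsing the OLE2 streams.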