Emails with subjects like “Do you want to extend your free trial?” and “Your free period is about to end!” are being used to spread trojans and other malware.
These malicious emails claim that your free trial is about to expire and that you must call a phone number if you want to cancel your subscription and avoid a charge of up to $90.
The people who answer the phone instruct the callers to download a document that is infected. This downloads a trojan on the victim’s device.
This free trial expiration scam is known as BazarCall.
Free Trial Expiration Scam quicklinks
- How does the free trial expiration scam work?
- It starts with malicious email spam
- To unsubscribe, download the infection
- How to protect yourself from the free trial expiration scam
- Delete all malware
- Protect your personal information
- Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
About the free trial expiration scam:
Type of threat | Trojan,
scam. |
---|---|
How the free trial expiration scam works | Spam emails claim that you have an expensive subscription,
to cancel this (nonexistent) subscription, you’re instructed to download a document, the document downloads and installs a trojan. |
How to remove the trojan | Find and delete all malware with antivirus programs (Spyhunter, others) |
How to protect yourself from the free trial expiration scam | Delete all malware,
check your bank account for unknown charges, reset your passwords. |
How does the free trial expiration scam work?
It starts with malicious email spam
The free trial expiration scam starts with an unexpected email (How Do Spammers Get My Email Address?). This email claims that your free trial is about to end in a couple of days. The email doesn’t address you by your name, but by a subscription number.
The text of the email should be similar to this:
Dear Subscriber, [subscription number]
Your free period is almost over… How was it? But you chose to stay with us!
You rmembership will be continued using a payment method you already mentioned.
In order to saty with us you will be charged $69.99 per month.We are really excited that you are with us, let’s move to premium!
If you would like to learn more about your order, get in touch with the Customer Service Center at: [phone number] or visit our website.
Thank you for choosing [company name]
The sender addresses so far have looked something like this: [email protected], [email protected], [email protected]. These are from a post compiled by a malware researcher that you can find here: Pastebin.com.
The free trial that these scam emails are talking about is on a completely made-up service. with a name that you’d probably never heard before getting the email, such as “Blue Cart Service”, “iCart”, “iMed Service”, “Medical Reminder Service”, etc. These services even have their own websites that use a really nice template and look very professional.
If you ignore the Lorem ipsum privacy policy, that is.
To unsubscribe, download the infection
A researcher uploaded a video on YouTube of how the free trial expiration scam progresses: BazaCall (BazarCall) Example.
If you were to call the phone number included in the malicious email or to follow the link mentioned in it or the attached document, you would be directed to one of many fake websites that have been set up for this scam. On these websites are forms to cancel your made-up subscription.
Putting in the correct number into the Unsubscribe form downloads a spreadsheet – an Excel document. This document might say that it’s encrypted or that it can’t be previewed. It instructs you to enable macros (additional features for interactivity) by clicking the “Enable Content” button that Office programs display. (Office programs disable macros by default because of security risks.)
The spreadsheet is infected with malicious macros that, once enabled, download a malicious trojan.
This specific free trial expiration scam was dubbed BazarCall because it involved phone calls and it spread the Bazar trojan. Bazar collects information about the infected computer and then downloads a banking trojan, such as TrickBot. Banking trojans steal online banking credentials and may inject overlays into banking websites to steal transactions.
How to protect yourself from the free trial expiration scam
Delete all malware
If you downloaded any documents because of the free trial expiration scam, if you opened those documents, then a trojan may have infected your computer. You can use antivirus apps (such as Spyhunter) to remove trojans. A more extreme option is to reset Windows, but even then, an antivirus scan might be need afterward.
If you suspect that your computer is infected, do not use it for online banking or any other sensitive and personal tasks. If you aren’t sure about what to do, it might be wise to disconnect the infected computer from the internet or to simply keep it turned off. Trojans and other malware require the infected computer to be on and online to do any damage.
Protect your personal information
The scammers know your email, but they probably don’t know your name. If you didn’t call them, they probably don’t know your phone number, either. The free trial expiration scam’s goal is to spread a trojan, not to steal personal information.
However, the trojans that the free trial expiration scam spreads do steal personal information, and a lot worse. If your antivirus scanner did find malware or if you suspect that your computer was infected, then there are a few things for you to do in order to protect yourself:
- Check your bank accounts (make sure to do that on a clean device). If something is wrong (unexpected expenses), call your bank and ask for help.
- Trojans steal login credentials and cookies with session tokens, which allows them to hack accounts. So, once your device is clean, log out of your social media and other accounts in all devices.
- Reset your passwords.
- Use multi-factor authentication to protect your accounts.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,