May 3, 2017 By David Strom 2 min read

A typical tech support scam goes something like this: Someone calls you up, claims they’re from some technical support service and counts on you to be gullible enough to listen to a phony pitch. Instead of cleaning your computer, they convince you to download malware to your PC. They then ask for a ransom payment to remove it. Thanks, but no thanks.

Support Scammers Refining Old Tricks

Sadly, the practice is becoming even more popular and insidious. According to We Live Security, more than one-third of the scams ESET researchers identified in a February study were related to this type of tech support scam. In the early days, scammers made cold calls.

Today, things have gotten more sophisticated. Researchers have seen various methods deployed, including the use of Twitter bots, typo squatting on domain names, malware-infected banner ads and the redirection of expired domains.
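Of the lures listed above, typosquatting is the one an IT team can look for in its own telemetry. The following script is an added illustration, not code from the article or from ESET: it scans web-proxy log lines for hosts that look like a known brand (a one- or two-character edit away, a digit swapped for a letter, or the brand name embedded in a longer label) so those users can be contacted before they follow a "support" number. The legitimate-domain list, the log format and every hostname in it are constructed sample data.

```python
"""Flag look-alike (typosquatted) domains in proxy logs against a list of
legitimate domains. Added illustration; all sample data below are constructed."""

# Constructed list of domains the organisation treats as legitimate.
LEGIT_DOMAINS = ["example-bank.com", "microsoft.com", "apple.com"]

# Constructed proxy log lines in a simple "timestamp client dest_host" layout.
SAMPLE_LOG = """\
2017-05-03T10:01:02Z 10.0.0.12 microsoft.com
2017-05-03T10:01:05Z 10.0.0.12 micr0soft-support.net
2017-05-03T10:02:11Z 10.0.0.31 exampel-bank.com
2017-05-03T10:02:40Z 10.0.0.31 apple.com
2017-05-03T10:03:09Z 10.0.0.44 appel.com
2017-05-03T10:03:55Z 10.0.0.44 news.example.org
"""


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap
    two adjacent characters (the classic typo) each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_label(host: str) -> str:
    """Second-level label ("microsoft" for "www.microsoft.com"). Assumes a
    single-label public suffix; a real deployment should consult the Public
    Suffix List so that e.g. "bank.co.uk" is handled correctly."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(host: str, legit=LEGIT_DOMAINS, max_distance: int = 2):
    """Return None for a legitimate or unrelated host, otherwise a tuple
    (reason, matched_legit_domain)."""
    host = host.lower()
    if host in legit or any(host.endswith("." + l) for l in legit):
        return None  # the brand's own domain or a subdomain of it
    label = registrable_label(host)
    # Undo the common digit-for-letter swaps (0->o, 1->l, 3->e) before comparing.
    normalised = label.translate(str.maketrans("013", "ole"))
    for l in legit:
        brand = registrable_label(l)
        if normalised == brand:
            return ("brand label on a different TLD or with digit swaps", l)
        if brand in normalised.replace("-", ""):
            return ("brand name embedded in a longer label", l)
        # Short brand names need a tighter threshold or random words match.
        threshold = 1 if len(brand) < 8 else max_distance
        dist = damerau_levenshtein(normalised, brand)
        if dist <= threshold:
            return ("edit distance %d from brand label" % dist, l)
    return None


def scan_log(log_text: str, legit=LEGIT_DOMAINS):
    """Parse "timestamp client host" lines and return (host, reason, legit) hits."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the scan
        _ts, _client, host = parts
        verdict = classify(host, legit)
        if verdict:
            hits.append((host, verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for host, reason, match in scan_log(SAMPLE_LOG):
        print(f"{host:28} {reason} ({match})")
```

Treat the output as a triage feed rather than a block list: the "embedded" rule will also catch benign names that happen to contain a brand word, so a hit should prompt a look at which users reached the site and what they did there, not an automatic block.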

Once a potential victim calls, the scammers “stop short of using real ransomware, but they generate messages that deceive the victim into thinking that his system is seriously threatened,” We Live Security noted. In fact, the victim’s system is threatened, but only as long as the conversation with the scam artist continues.

Tracking a Tech Support Scam

Some of these conversations have been recorded by security researchers and journalists. It makes for interesting listening to hear scammers being misled. IT managers should review these posts by Lenny Zeltser and Sean Gallagher, both of which can help them understand the malicious techniques so they can advise users on how to detect and avoid them.

Gallagher kept his support scammer on a call for nearly two hours. While he was being directed to “fix” his PC, Gallagher was running various virtual machines to analyze the scammer’s intentions, all the while trying to collect as much data as possible to pass on to authorities.

Is Your Refrigerator Running?

According to the ESET researchers, things are out of control in Spain. The country reported a rise in tech support scam-based malware to astounding levels, especially among older and less experienced home PC users.

“If the victim believes that he is talking to an official technical support service center, he has no qualms about following the instructions of the ‘support provider’ at the other end of the phone,” We Live Security said. In some cases, victims are sent to fake websites to enter payment information for their ransoms, but then don’t receive any decrypting program to recover their data.

Here’s the moral of the story: Take some time to educate your users about these scammers, and always remain skeptical and vigilant.
