A typical tech support scam goes something like this: Someone calls you up, claims they’re from some technical support service and counts on you to be gullible enough to listen to a phony pitch. Instead of cleaning your computer, they convince you to download malware to your PC. They then ask for a ransom payment to remove it. Thanks, but no thanks.
Support Scammers Refining Old Tricks
Sadly, the practice is becoming even more popular and insidious. According to We Live Security, more than one-third of the scams ESET researchers identified in a February study were related to this type of tech support scam. In the early days, scammers made cold calls.
Today, things have gotten more sophisticated. Researchers have seen various methods deployed, including the use of Twitter bots, typosquatting on domain names, malware-infected banner ads and the redirection of expired domains.
Once a potential victim calls, the scammers “stop short of using real ransomware, but they generate messages that deceive the victim into thinking that his system is seriously threatened,” We Live Security noted. In fact, the victim’s system is threatened, but only as long as the conversation with the scam artist continues.
Tracking a Tech Support Scam
Some of these conversations have been recorded by security researchers and journalists, and hearing scammers being misled makes for interesting listening. IT managers should review these posts by Lenny Zeltser and Sean Gallagher, both of which can help them understand the malicious techniques so they can advise users on how to detect and avoid them.
Gallagher kept his support scammer on a call for nearly two hours. While he was being directed to “fix” his PC, Gallagher was running various virtual machines to analyze the scammer’s intentions, all the while trying to collect as much data as possible to pass on to authorities.
Is Your Refrigerator Running?
According to the ESET researchers, things are out of control in Spain. The country reported that tech support scam-based malware rose to astounding levels, especially among older and less experienced home PC users.
“If the victim believes that he is talking to an official technical support service center, he has no qualms about following the instructions of the ‘support provider’ at the other end of the phone,” We Live Security said. In some cases, victims are sent to fake websites to enter payment information for their ransoms, but then don’t receive any decrypting program to recover their data.
Here’s the moral of the story: Take some time to educate your users about these scammers, and always remain skeptical and vigilant.