May 3, 2017 By David Strom 2 min read

A typical tech support scam goes something like this: Someone calls you up, claims they’re from some technical support service and counts on you to be gullible enough to listen to a phony pitch. Instead of cleaning your computer, they convince you to download malware to your PC. They then ask for a ransom payment to remove it. Thanks, but no thanks.

Support Scammers Refining Old Tricks

Sadly, the practice is becoming even more popular and insidious. According to We Live Security, more than one-third of the scams ESET researchers identified in a February study were related to this type of tech support scam. In the early days, scammers made cold calls.

Today, things have gotten more sophisticated. Researchers have seen various methods deployed, including the use of Twitter bots, typo squatting on domain names, malware-infected banner ads and the redirection of expired domains.

Once a potential victim calls, the scammers “stop short of using real ransomware, but they generate messages that deceive the victim into thinking that his system is seriously threatened,” We Live Security noted. In fact, the victim’s system is threatened, but only as long the conversation with the scam artist continues.

Tracking a Tech Support Scam

Some of these conversations have been recorded by security researchers and journalists. It makes for interesting listening to hear scammers being misled. IT managers should review these posts by Lenny Zeltser and Sean Gallagher, both of which can help them understand the malicious techniques so they can advise users on how to detect and avoid them.

Gallagher kept his support scammer on a call for nearly two hours. While he was being directed to “fix” his PC, Gallagher was running various virtual machines to analyze the scammer’s intentions, all the while trying to collect as much data as possible to pass on to authorities.

Is Your Refrigerator Running?

According to the ESET researchers, things are out of control in Spain. The country reported a rise in tech support scam-based malware to astounding levels, especially among older and less experienced home PC users.

“If the victim believes that he is talking to an official technical support service center, he has no qualms about following the instructions of the ‘support provider’ at the other end of the phone,” We Live Security said. In some cases, victims are sent to fake websites to enter payment information for their ransoms, but then don’t receive any decrypting program to recover their data.

Here’s the moral of the story: Take some time to educate your users about these scammers, and always remain skeptical and vigilant.

More from Fraud Protection

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today