My PC has 32,539 errors: how telephone support scams really work

David Harley ESET
Martijn Grooten Virus Bulletin
Steven Burn Malwarebytes
Craig Johnston Independent researcher

Fake security products, pushed by variations on Black Hat SEO and social media spam, constitute a highly adaptive, longstanding and well-documented area of cybercriminal activity. By comparison, lo-tech Windows support scams receive far less attention from the security industry, probably because they're seen as primarily social engineering not really susceptible to a technical 'anti-scammer' solution. Yet, they've been a consistent source of fraudulent income for some time, and have quietly increased in sophistication.

In this paper, we consider:

  • The evolution of the FUD and Blunder approach to cold-calling support scams, from 'Microsoft told us you have a virus' to more technically sophisticated hooks such as deliberate misinterpretation of output from system utilities such as Event Viewer and Assoc.
  • The developing PR-oriented infrastructure behind the phone calls: the deceptive company websites, the flaky Facebook pages, the scraped informational content and fake testimonials.
  • Meetings with remarkable scammers: scammer and scam-victim demographics, and scammer techniques, tools and psychology, as gleaned from conversational exchanges and a step-through remote cleaning and optimization session.
  • The points of contact between the support scam industry, other telephone scams, and mainstream malware and security fakery.
  • A peek into the crystal ball: where the scammers might go next, some legal implications, and some thoughts on making their lives more difficult.  digg this! digg this

Quick Links

Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 24 comments

SMI Oil and Gas Cyber Security 2014

In Virus Bulletin's jobs pages among others:

Virus Bulletin currently has 231,354 registered users.