My PC has 32,539 errors: how telephone support scams really work

David Harley ESET
Martijn Grooten Virus Bulletin
Steven Burn Malwarebytes
Craig Johnston Independent researcher

Fake security products, pushed by variations on Black Hat SEO and social media spam, constitute a highly adaptive, longstanding and well-documented area of cybercriminal activity. By comparison, lo-tech Windows support scams receive far less attention from the security industry, probably because they're seen as primarily social engineering and not really susceptible to a technical 'anti-scammer' solution. Yet they've been a consistent source of fraudulent income for some time, and have quietly increased in sophistication.

In this paper, we consider:

  • The evolution of the FUD and Blunder approach to cold-calling support scams, from 'Microsoft told us you have a virus' to more technically sophisticated hooks such as deliberate misinterpretation of output from system utilities like Event Viewer and Assoc.
  • The developing PR-oriented infrastructure behind the phone calls: the deceptive company websites, the flaky Facebook pages, the scraped informational content and fake testimonials.
  • Meetings with remarkable scammers: scammer and scam-victim demographics, and scammer techniques, tools and psychology, as gleaned from conversational exchanges and a step-through remote cleaning and optimization session.
  • The points of contact between the support scam industry, other telephone scams, and mainstream malware and security fakery.
  • A peek into the crystal ball: where the scammers might go next, some legal implications, and some thoughts on making their lives more difficult.
