Risk
5/13/2013
11:23 AM
50%
50%

Microsoft Tech Support Scams: Why They Thrive

Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.

4. Telephone Scams: Cheap, Easy, Repeatable.

Microsoft support scams succeed in part because they're cheap and easy to run. International call centers -- think boiler rooms -- are often used, situated in an inexpensive labor market such as India, and facilitated via low-cost VoIP telephony.

Thankfully, consumer watchdogs have been mobilizing. Last year, the Federal Trade Commission cracked down on some tech support scams, filing charges and freezing assets associated with 14 businesses and 17 people. It said the scam operations had successfully conned tens of thousands of English-speaking consumers in the United States, as well as Australia, Canada, Ireland, New Zealand and the United Kingdom, into paying between $49 and $450 for fake services.

At the time, the FTC detailed how many of these scam artists operate: "When consumers agreed to pay the fee for fixing the 'problems,' the telemarketers directed them to a website to enter a code or download a software program that allowed the scammers remote access to the consumers' computers," according to the FTC. "Once the telemarketers took control of the consumers' computers, they 'removed' the non-existent malware and downloaded otherwise free programs."

5. Technobabble Warnings: "Frozen DNS Trojan."

Obviously, support scams often succeed because many consumers don't understand Windows information security intricacies. But con artists often operate on the edge of believability, slowly reeling in even technologically savvy targets, who they might have caught unaware with an impromptu phone call.

One reader, for example, emailed earlier this year to say the lure of "free" technical support -- no apparent harm there -- initially caught her off guard. "I just received one of those scam calls from an 800 number obviously from someone in India trying to tell me my computer was infected with a 'frozen DNS Trojan' -- originally he said 'virus' but switched to 'Trojan' later in the call," she said. "I didn't fall for it at all but was curious enough to find out exactly what he was up to. Eventually I told him I knew he was a scammer and didn't believe a word he was saying and hung up."

Technobabble aside, she reported almost falling for the scam. "I'm relatively computer savvy and for a brief second I wondered if this was for real," she said. "So if I could be duped (even for a split second) I can see how people get pulled into this type of scam especially when the scammer tries to tell you this is all 'free' for him to show you are infected with this virus or Trojan."

6. Virus Scanners Fake Results.

To try to get their way, scammers might bring psychological pressure to bear. For example, when Jerome Segura, senior malware research at Malwarebytes, was cold-called by tech support con artists he gave them access to a virtual machine. They flew into repair rage when he refused to pay $229 following their fake ministrations. "They got mad and deleted documents and pictures from my (virtual) machine before cutting me off in a very rude way," he said in a blog post.

Fake bells and whistles might also be employed. This month, for example, Segura said he decided to call a tech-support number that flashed up in a pop-up advertisement window, just to see where it might lead. As before, he gave the tech support person who answered remote access to his PC -- not telling him it was a fully cleaned and isolated virtual machine -- on which he installed, as instructed, TeamViewer software, through which the supposed tech-support agent accessed the PC, then ran a downloaded scanner. Just two seconds later, the scanner reported extensive virus infections. Segura said his analysis of the scanner's database found that it was "stuffed with false positives which aren't just accidents, but clearly used to add some drama."

Added drama or not, don't fall for tech-support scams.

People are your most vulnerable endpoint. Make sure your security strategy addresses that fact. Also in the new, all-digital How Hackers Fool Your Employees issue of Dark Reading: Effective security doesn't mean stopping all attackers. (Free registration required.)

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
5/17/2013 | 1:59:17 AM
re: Microsoft Tech Support Scams: Why They Thrive
Let me be the first to say it... Thank you Steve Case.

Without the explosive popularity of America OnLine and the massive expansion of the Internet in the 90s, I highly doubt that this would be an issue at this point. Remembering the days when the Internet was a utopia of thinkers, students, educators, defense contractors and technically savvy people - a very small percentage of those people would fall for this sort of social engineering.

But, since we've got Ma and Pa Kettle bringing home a brand new PC from their closest big box store and hooking it up to that "new fangled" Internet, you'll have people taking advantage of those who are less savvy.

Something to keep in mind here - how much of a role does the media play in feeding into this monster? Remember Nimda and CodeRed and all of those virii from days gone by? The entire world was made to be extremely afraid of virii - possible considering them to be even worse than a virulent strain of H1N1... because they don't really grasp the idea of a computer virus and what it really does, while everyone knows that H1N1 gives you physical symptoms of an infection.

That said, why isn't there more of an effort to educate people, BEFORE they become a victim of this sort of thing? Ounce of prevention being worth a pound (or dollar) of cure, and all...

Andrew Hornback
InformationWeek Contributor
majenkins
50%
50%
majenkins,
User Rank: Apprentice
5/15/2013 | 6:05:06 PM
re: Microsoft Tech Support Scams: Why They Thrive
I got one of these a couple of weeks ago. "I am calling about problem with operating system of, Microsoft Windows, blah, blah, blah" something like that. I just hung up, maybe next time if I have time and feel like it I'll play them like Number 6 did.
Number 6
50%
50%
Number 6,
User Rank: Apprentice
5/15/2013 | 3:00:48 PM
re: Microsoft Tech Support Scams: Why They Thrive
I actually enjoyed getting the telephone scam call a couple months ago. I told the woman who called (Indian accent) that I needed to know the IP address of the PC with the problem, since I have several and she wanted me to go to a URL from that PC. She didn't know what an IP address was, let alone the difference between IPv4 and IPv6. I asked for a phone number that I could call her back at, and got one that I found out later was for a florist in Wisconsin!

After continuing to get nowhere with my IP question, I asked if I could talk with someone who could help. I got her "supervisor," told him that I work in IT, and he tried to convince me that I don't know how networking works. Um, yeah, good luck with that. I was probably coding network software before he was running his first scam. I finally hung up on him, but I regret not getting that URL.

Sounded like a boiler room operation, not an individual.

I agree with Tom. The call was the first time I'd heard about this particular scam. Lots of people could fall for this.
rjones2818
50%
50%
rjones2818,
User Rank: Moderator
5/14/2013 | 6:26:58 PM
re: Microsoft Tech Support Scams: Why They Thrive
Is anyone surprised? Most computer users probably shouldn't be allowed near a computer, much less trusted to take the rudimentary steps needed to protect said computer. Until training/schooling focuses on security from day one scamming and the like will remain a major problem.
Tom LaSusa
50%
50%
Tom LaSusa,
User Rank: Apprentice
5/13/2013 | 4:35:07 PM
re: Microsoft Tech Support Scams: Why They Thrive
The real reason why they thrive? Lack of education/passing this information along to family and friends. That's the bottom line. And it doesn't take a whole lot either -- instead of posting yet another silly meme on your Facebook profile, post a notice reminding friends and family to hang up when they get these calls.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8551
Published: 2014-11-26
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.

CVE-2014-8552
Published: 2014-11-26
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.

CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?