Internationalizing Efforts to Counter Tech Support Scams

The Central Bureau of Investigation (CBI), India's federal enforcement agency, recently conducted a series of criminal raids against illegal call centers across the country in an attempt to clamp down on tech support fraud. These raids were the result of a joint referral made by Microsoft and Amazon — the first time both companies have joined forces to combat tech support fraud. 

Tech support fraud is a major problem that impacts a wide variety of industries. According to the U.S. FBI, tech/customer support and government impersonation have cost victims over $1 billion in losses. The illegal call centers raided by the CBI were set up to impersonate Microsoft and Amazon customer support, targeting more than 2,000 customers across the US, Canada, Germany, Australia, Spain, and the UK. 

Read on to learn more about this threat and how the cybersecurity industry can join forces with government entities to raise the bar on collective defense against tech support fraud and other emergent threats.

Understanding Tech Support Fraud 

At its core, tech support fraud involves scammers who use scare tactics to trick victims into unnecessary technical support services. Sometimes fraudsters will call their victims directly and impersonate representatives of a tech company, asking them to pay to fix a nonexistent device or software problem. Other times, scammers will attempt to gain remote access to their victims' devices in order to steal sensitive data or install malware, ransomware, or other unwanted programs.

Threat groups use a variety of tactics to make these purported issues appear more realistic. They can spoof caller IDs to display a legitimate support phone number from a trusted company or populate websites with fake error messages. Adversaries can further escalate the situation by putting their victims' browsers in full-screen mode and displaying pop-up messages that won't go away, appearing to lock the browser. 

Education is one way to combat these tactics. Security teams should monitor the latest threat intelligence and update users on current threat vectors, such as unsolicited offers of support; suspicious payment methods, like Bitcoin or gift cards; or instructions to download third-party software that doesn't originate from trusted security companies. 

On the proactive side, Microsoft's Digital Crimes Unit (DCU) is working to combat tech support scams by investigating tech support fraud networks and referring cases to law enforcement as appropriate. We update our products and services with the latest threat intelligence to better protect consumers from various fraudulent tactics and provide guidance and resources on how to identify, avoid, and report suspicious activity.

Supporting Collective Defense Through Greater Collaboration

The CBI's raid is an excellent, real-life example of the impact that security companies and law enforcement can have when they work together to advance collective defense by sharing intelligence and resources.

Cyber threats are ever-evolving, so trusted relationships and collaboration are necessary to improve collective knowledge, drive resilience, and mitigate global security risks. There is a vast amount of cybercrime intelligence and data at our fingertips, but many companies cannot fully use this information due to the fragmented nature of cybersecurity. This situation is further complicated by limited cooperation between stakeholders, cross-border complexities, and challenges posed by different jurisdictions.

Open source intelligence is one solution. In June 2022, the World Economic Forum launched the Cybercrime Atlas initiative, with support from companies including Microsoft, Fortinet, PayPal, and Santander Group. The initiative takes a global collaborative approach to gather human-vetted open source intelligence from sectors such as finance, technology, telecommunications, cybersecurity, and cloud providers. The Cybercrime Atlas specifically focuses on cyber-enabled and cyber-dependent crimes, such as business email compromise, credit card fraud, malware, and ransomware. 

By providing intelligence on current cybercriminal activity, the Cybercrime Atlas empowers law enforcement to take action and dismantle criminal infrastructures. It is also being designed to offer evidence-based recommendations for policy and regulation changes in the near future. 

Although still a new initiative, the Cybercrime Atlas will create a standardized and scalable model for open source intelligence research. It maximizes data collection while ensuring intelligence is thoroughly cleansed, enriched, and vetted by cross-industry experts. This contextualized intelligence enables security teams to identify connections among cybercriminals, threat groups, and shared infrastructure. It also uncovers infrastructure that is being used to facilitate large-scale criminal activity beyond individual domains or IP addresses. All of this insight helps security firms and government entities crack down on digital threats.

Ultimately, the private and public sectors must come together to fight cybercrime on a global scale. Microsoft is committed to advancing this goal by partnering with other companies and law enforcement to share information and resources.

— Read more Partner Perspectives from Microsoft Security