
4 Ways To Sniff Out A Tech Support Scam

Malwarebytes gives a peek at the anatomy of a tech support scam; scammers at one time were selling $25 versions of Malwarebytes software for as much as $1,000.

Tech support scams hit thousands of consumers a year, causing millions of dollars in financial losses -- and many of these scams operate out of southern Florida.

Malwarebytes' report, The Anatomy of Tech Support Scams, says that from January 1, 2016 to April 30, 2016, the FBI’s Internet Computer Complaint Center (IC3) received 3,668 complaints with adjusted losses of $2,268,982. While many of these scams prey on the elderly, many of these attacks use malware and ransomware that can victimize even the most tech-savvy users.

The Malwarebytes report comes on the heels of a study published yesterday by Microsoft and the National Cyber Security Alliance (NCSA) that shows that two out of three customers have been exposed to this type of fraud in the last 12 months, and millennials are becoming a growing target of these scams.

Justin Dolly, CSO and CIO at Malwarebytes, says that the stereotype of these scams emanating from India has been replaced by more local, US-based criminal operations, many of which are based in southern Florida.

“There’s no definitive reason for why southern Florida has become a hotbed; our best guess is that there are a lot of telemarketing companies there and this kind of criminal activity is an outgrowth of that,” Dolly says.

Jean-Phillippe Taggart, senior security researcher at Malwarebytes, says his firm chose to become vocal about these scams because in many cases the scammers were selling $25 versions of Malwarebytes software for as much as $1,000.

“In some cases, the criminals are just interested in making money, but very often if things appear as if the potential victim will not buy the fraudulent products or services and they go south they can do some real damage to people’s computers,” Taggart says.

Many of the latest tech support scams, such as scam lockers, use malware and extortion tactics to force victims to call these criminal organizations. Because the scammers use malware and ransomware, simply installing what appears to be a software update or video codec can infect a victim’s computer. Victims are then forced to call the scammers to unlock their machines.

“The other thing people need to understand is that these are often very aggressive sales organizations with experienced tech people,” Taggart says. “In many cases the tech support people may not fully know that they are involved in a scam.”

In fact, during a sting operation Malwarebytes ran with the FTC, it took about two or three attempts before they actually found fraudulent activity.

“We found that it was about an 80-20 rule, with about 80 percent of the calls being legitimate calls by these criminal organizations,” Taggart says. “They can be very hard to uncover.”

Malwarebytes has been working with the Federal Trade Commission to prosecute these cases. According to the report, in 2014, Malwarebytes worked with the FTC to shut down OMG Tech Help, a US-based tech support company. The FTC alleged that OMG used software designed to trick consumers into thinking that there were problems with their computers and directed them to telemarketers who used high-pressure deceptive sales pitches for tech support products and services.

Malwarebytes researchers testified in court with strong evidence against OMG, including video evidence of its fraudulent activities. On June 20 of this year, the FTC announced that OMG had settled and had been required to surrender all of its assets to a court receiver.

Here's how to identify and respond to tech support scams:

1. Microsoft will not contact you out of the blue. Don’t ever expect Microsoft to notify you if there is a problem with your computer. If you receive such a notice, be suspicious and report the incident.

2. Do a search. If you suspect that you are being approached by one of these scammers, do a search on Google of the company’s phone number and see if anyone else has ever reported on them.

3. Bring your computer to an authorized dealer or store. If you are having problems, don’t engage the scammer company. Just take your computer to an authorized dealer or an electronics retail store and have them check your computer.

4. Be careful what and where you download. Only download applications from authorized app stores or the websites of legitimate software companies. Many of the scam lockers are wrapped into bundlers that look legitimate, but are often malware and ransomware.

Consumers in the US who suspect they were hit by a tech support scam should report it to the FTC. For those outside the US, go to https://blog.malwarebytes.com/tech-support-scams/


Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.
