Watch tech support scammers at work, live

Watch tech support scammers at work, live

Summary: How do scammers posing as tech support dupe customers in to installing malware? Take a look.

SHARE:
TOPICS: Security
5

It's almost too easy to be hoodwinked into scams produced by the increasingly sophisticated tactics of hackers, but how does the process actually work?

image001

Scams come in a variety of ways. In the beginning, emailed messages told you your ticket for the Spanish lottery was a winner, your help was needed transferring millions of dollars from accounts in Africa, or a long-lost uncle was willing to give you a percentage of your inheritance -- as long as you paid the transfer fees and handed over your account details first, of course. Now, scammers appeal to you through loans, fake bank-based emails and tech support scams.

One such tech support scam has been documented by Jerome Segura, Senior Security Researcher at Malwarebytes. The security expert recorded a case where a support scam, a.k.a. the Microsoft/Windows support technician call, invented non-existent problems over the phone with a consumer and tried to exhort money as a result.

These scams are not purely PC-based, unsurprising as many consumers are moving towards smartphones and tablets. Scammers find their victims by both cold-calling and advertising online, often creating multiple identities and paying for sponsored placement adverts to appear legitimate.

After calling, the technician told Segura that he would not be able to directly connect to the phone, and the user had to plug the device in to the PC first, before downloading remote login software so they could connect to the PC.

Screen Shot 2014-01-14 at 09.56.13

After logging in and rifling through the phone, the technician gave up on finding anything of use, and instead went to a traditional way to lure victims: pop-ups. If you're going to scam someone, Windows is much easier to use as a platform than Android or iOS.

"Alright Sir. Just let me know one thing Sir. So when you are doing work on your mobile phone or on your computer ok, do you receive any kinds of pop ups for operation {inaudible} like Adobe Flash Player, or anything like Java as well as on your mobile phone?

You get a pop up right? And you always connect your mobile phone with your wifi right?

So the thing is there are some kind of infection over here, so that’s why the infections transfer from your network to your phone ok?"

It's not difficult to see where this is going. After asking the user to complete a search, the 'technician' says:

"There is one file which is installed in your computer as well as in your mobile phone and that is a very bad file. The name of that file is rundll ok? r-u-n-d-l-l number 32 dot exe alright?"

Rundll32.exe is a standard Windows file, and certainly won't be found on an Android device. However, the technician pressed on, saying that "this file is specially designed to jeopardize your banking information." Cue panic for those without much technological understanding. In this case, in order to dupe the consumer, the scammer removed the 'infection' then simulated a 're-infection' by restoring them quickly from the Recycle Bin (Ctrl+Z).

By doing so, the 'technician' is able to persuade the customer they need continual support to keep infections at bay -- and so comes the bill for a year of 'support' for a mere $299.

details1
paymentportal

Scammers profit from the human condition. A lack of understanding about modern devices, panic over fake infections and the possibility of losing private data are all areas ripe for exploitation. However, these new campaigns also come with fresh risks: by connecting scammer to your devices, you are giving them unfettered access to the data stored on them.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Happened to us.

    We got a cold call from someone claiming to be Microsoft support who had detected a problem with our computers and needed to login remotely to fix it. My wife said "We don't use Windows" and hung up." But she then came and asked if it was possible if we did use Windows, so these folks can mess you up if you aren't careful. He sounded very legit.
    baggins_z
  • Abacus

    We recently had a call from one of these clowns.
    Decided to have a bit of fun.
    Told them that we were running the "ABACUS operating system" which is absolutely impervious to any type of malware attack as no digital vectors known to man exist for this system.
    This puzzled the scammer for a while after which I became bored with this nonsense and hung up.
    (Check "abacus" in Wikipedi :-) )
    da philster
  • We got the call

    We've received several calls over the past 3-4 months from a company that starts with the word "Windows ". I believe they are careful not to use "Microsoft" so they can stay under the legal radar. Naturally when people hear "Windows" in the company name, they assume it's Microsoft calling, which gives them credibility. The man who called our house had an Indian accent and tried to get me to run some program on my computer to illustrate that some sort of problem existed on my computer. Since I suspected it was some sort of scam (how would he know I had a problem on my computer?!) from the beginning, I googled key words related to the situation and quickly found some information on this scam. I didn't trust him and so didn't run the local program he was asking me to run. Based on what I was reading online, I believe they avoid being shut down because they provide an actual service, which is PC clean-up with one year of maintenance support for $129/year.
    krisoccer
  • Just Got The Call A Couple Days Ago

    I just received this call claiming to be "Windows tech support" a couple days ago. I already knew of this scam, so would never fall for it, but decided to have some fun and aggravate the caller, LOL!!! I played extremely dumb, not knowing where anything was, kept asking him to repeat himself, and kept putting him on hold to play with my kitten. It was SOOO hard to not crack up into the phone. After the last time I put him on hold, I came back and he had finally hung up on me. It was great!!
    baybreeze
  • Android And IOS Don't Have "Dead End" Messages....

    they have no messages at all. I have both types - Droid Maxx and iPhone 5 - and when they work, they are very smooth. Just like Windows, as a matter of fact.

    However, when something doesn't work - and at time things don't work, Apple PR not withstanding - the phones are completely worthless in so far as trouble shooting is concerned. There are NO messages - perhaps the phone doesn't even realize something is amiss - so one is left throwing darts in the dark trying get things right.
    Lazarus439Z