The Lure of the Support Scam

We’re all too familiar with tech support scammers claiming to represent Microsoft or other impressive names like Cisco or Apple. And sometimes we find them claiming to represent security companies in some way.

To cite some instances mentioned in a paper presented at Virus Bulletin in 2012 by myself, Martijn Grooten (Virus Bulletin), Steve Burn (Malwarebytes) and Craig Johnston (an independent researcher and former colleague at ESET):

  • We know of a number of instances where fake or cracked security software has been sold to victims by scammers claiming to represent legitimate security vendors in some way.
  • A scammer who talked to Craig claimed that his company was installing legitimate copies of a commercial product called Registry Mechanic. We were unable to verify that claim, but we do know for sure that it’s common for scammers to install free (or free versions of) various utilities as part of their service. (Which is, of course, not free.)
  • Microsoft terminated its relationship with Gold partner Comantra because of all the complaints about Comantra’s practices.

We also cited the case of iYogi – recently accused by the state of Washington of engaging in support scam practices – to which Avast! was actually outsourcing the provision of legitimate support to users of Avast!’s free products, until similar allegations were made about iYogi.

A common current ploy is to lure victims into calling a helpline passing itself off as being hosted by a legitimate security-oriented company, by using some kind of popup fake alert. For obvious reasons, companies like Symantec and McAfee are frequently targeted for this kind of attack. However, Jérôme Segura for Malwarebytes reports a case where the scammer is claimed to be ‘an official member of the Symantec Partner Program’. Segura explains:

We immediately reported all of our evidence to Symantec who took this case very seriously and confirmed that this company was indeed a member of the program. Symantec also let us know that they were going to take immediate action to resolve this issue.

Reassuringly, he also reports that the alleged scam site was subsequently taken down.

The article also indicates that the Malwarebytes brand has been misused by scammers charging ridiculous prices for its product.

There are clear advantages to a support scammer in cosying up to a legitimate, ethical company, and scammers are apparently not averse to ‘inflicting brand and reputation damage’ on their partners.

However, I suspect that there are still plenty of scammers claiming to support products with which they have no genuine connection. Or interest, come to that, except as a means of promoting their own dubious products and services. It’s amazing how eager many ‘support lines’ are to point out the (usually mythical) limitations of the product they claim to support, in order to promote their own service or product.

If you follow this blog, you are almost certainly aware of the sort of popup alert I’m referring to above. But that’s not the only lure used by support scammers. A little time spent with your favourite search engine using terms like ‘[your chosen security product] + tech support’ is likely to turn up lots of links to sites that have no connection to the product or vendor, but claim to offer tech support for it.

I can only recommend that, if you think you have a problem with your security product of choice, you make your first port of call a web site that you know is maintained by the company that makes the software. After all, if it’s a product that you actually paid for, the chances are that you can get (at least some) support from the vendor without extra cost. This is unlikely to be the case with a free product – one of the reasons I’m lukewarm about recommending free security software, though a genuine free security product is better than no security at all. Nevertheless, a responsible vendor will always offer some indication of somewhere where you can get support, even if it means upgrading to a for-fee version. And while there are instances of a vendor being unaware of the unethical behaviour of one of its partners, these are very much the exception rather than the rule. It’s much more common for a scammer to claim a non-existent relationship with the vendor.

However, if you trust your support to a helpline you found via a search engine, there’s a good chance that you’ll stumble upon a company that knows more about SEO (search engine optimization) than it does about reliable support. Or ethics, or honesty.

It’s not that there aren’t honest support sites out there: the difficulty is in identifying which are honest, and which are scammers. A security vendor might not always know when it’s partnered with a scammer, but it does know which companies are genuine partners.

David Harley
