Tag Archives: Craig Johnston

Tech Support Scams Latest

I’ve just added a link on the resource page to another article from Malwarebytes on support scams using a fake Blue Screen of Death, this time by Chris Boyd: Avoid this BSoD Tech Support Scam. Also some comment by John Leyden for The Register.

I also noticed today a comment to one of my ESET articles of some possible interest to support scam watchers. Actually, I think I approved the comment some time ago, but never got around to flagging it elsewhere.

I know these are scams, and I work in IT, but I had only heard these stories from my mom about them calling her. I wondered if this was a scam targeting older people, since I had never been called. Now they have started calling. 

While these scammers certainly seem more than happy to defraud older people, probably because they expect them to be less conversant with technology and therefore likelier to fall for the pitch, I doubt if the cold calls are, in general, actually targeting my generation. (I’m happy to note that – in the UK, at any rate – my generation is less gullible than you might think.)

The first time they call, about 3 weeks ago, the guy tells me my computer is infected. When I asked which computer he says my windows computer. I tell him I have, which computer is the problem. He tells my I am lying, that I don’t have 7 windows computers. He them hangs up on me for wasting his time. 

Today they called again. I played along, though I did say I had multiple computers, this guy said they were all likely infected. I asked him to verify the IP of the infected machine and he tells me he can’t but he can verify the CL SID. He rattles of the CLSID listed here and asks me to run the assoc command.

So far, so typical of many of the hundreds of reports I’ve seen.

By this time I already have this site open.

(The comment is one of nearly 500 attached to this article: Support desk scams: CLSID not unique.)

I string him along for a little bit when I finally tell him, politely, that I know this is BS. At first he denies it, then he actually acknowledges it, acknowledges that he is in Calcutta. Tells me a little about his family, and that he is in school. Tells me that work is hard to find, and asks if it’s as hard here as it is there. He tells me that the scam jobs make 14,000 a year, but the legit ones that he can find only make 7,500 a year. At the end of the call, he thanked me for not yelling and screaming profanities at him. Overall I was on the phone for 40 minutes and 20 of that was after I told him I knew.
Weirdest call ever. 

Well, it’s not quite the first time that a conversation somewhat like this has taken place. My friend and former colleague Craig Johnston recounted a similar encounter in Virus Bulletin back in 2011, which he also talked about in our joint presentation at Virus Bulletin with Steve Burn and Martijn Grooten. The guy Craig talked to was a little more self-deluded: as Craig said, ‘While the caller admitted that the methods used to convince the ‘customer’ were dodgy, he was keen to assure me that the product being sold was legitimate and that it would benefit the customer.’

In this case, the scammer didn’t try to offer such self-justification, but may give us some insight into the economics of scam versus legitimate call-centre jobs (though we believe that some call-centres use both scam and legit approaches to support). I’ve talked before about scammer motivation, but it does at least seem that not all support scammers are bullies and worse (like the unspeakable monsters who try to block their victim’s access to their own systems if they allow the scammer access and then decide not to purchase his ‘services’) and may even have the grace to be less than proud of the way they make their living.

David Harley
ESET Senior Research Fellow

 

Advertisements

‘Tech Support’ Scam Resources Page updated

I haven’t updated the scam resources page on the AVIEN blog site since November 2011. Mea Culpa. However, that doesn’t mean I haven’t been beavering aways at raising awareness of this scam among readers of my blog, the security industry, and (not least) law enforcement. So I’ve finally got around to updating the page.

Firstly, I’ve changed the name to something more unwieldy (less wieldy?), but a bit more explicit as to exactly what it’s about.

Secondly, I’ve added quite a few links to resources. Depressingly, most of them are my own blogs – I can’t believe how hard it is to get people to take notice of this scam! – but I shouldn’t forget to mention my friends and colleagues Steve Burn (MalwareBytes), Craig Johnston (independent researcher) and Martijn Grooten (Virus Bulletin), with whose help I’ve put together a couple of somewhat massive papers to be presented at CFET and Virus Bulletin later this year.

David Harley CITP FBCS CISSP
AVIEN & Small Blue-Green World Dogsbody
ESET Senior Research Fellow

The Register: “Welcome to the out-of-control decade”

A disquieting article by Rik Myslewski that strikes some deep chords with me. :-/

“Waiting in the wings are corporate entities eager to exploit your personal information, and government agencies watching your every step.”

http://www.theregister.co.uk/2009/12/31/the_out_of_control_decade/

The issue of government monitoring spends a lot of time under the spotlight, of course, and so it should. (Craig Johnston and I considered some of the law-enforcement issues in an AVAR paper this year, but there’s much more to it than that, obviously.)

http://www.eset.com/download/whitepapers/Please_Police_Me.pdf

But I’m seriously concerned about the consequences of the increasing amount of personal data (good, bad, and purely mythical) available to anyone with a browser (or even a USB port). It’s an issue I’ve had occasion to think about several times recently, and I expect to return to it a lot more in the coming months. For instance:

http://www.eset.com/threat-center/blog/2009/12/14/que-sera-sera-%e2%80%93-a-buffet-of-predications-for-2010

http://www.eset.com/threat-center/blog/2009/12/14/your-data-and-your-credit-card

http://www.eset.com/threat-center/blog/2009/12/12/the-internet-book-of-the-dead

http://www.eset.com/threat-center/blog/2009/06/09/data-protection-not-a-priority

Also, this quote from the ESET Global Threat Trends report for December: “Criminals and legitimate businesses will mine data from a widening range of resources, exploiting interoperability between social networking providers. Sharing of data in the private sector will be an increasing threat until the need is accepted for more data protection regulation on similar lines to that seen in the public sector, especially in Europe.”

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com