Microsoft Tech Support Scams: Why They Thrive

Published: 22/11/2024   Category: security




Readers detail frozen DNS Trojan cold calls and repairs that lead to $882 in unauthorized wire transfers.



Consumers: Hang up on anyone who cold-calls offering Windows technical support, never believe an Internet pop-up that reports your PC is infected with malware, and, above all, don't ever install software from an untrusted source who offers to rid your PC of viruses, perhaps for free.
If people followed those precepts, they'd avoid the hassle and expense of scammers out to make a quick buck. But Microsoft technical support scams continue to be alive and well, sticking victims with bills of between $50 and $450 for security smoke and mirrors, or sometimes perpetrating financial fraud that costs far more.
According to a 2011 Web survey of 1,298 people conducted by British consumer rights watchdog Which?, 3% of respondents said they'd allowed scammers to log onto their PC and 2% gave them money. Interestingly, 3% said they weren't sure if a technical support cold call had really been a scam or not.
Here's a hint: Cold callers offering tech support advice are scammers. Here are six recent examples of how these fraudsters operate.
1. Scammers Reuse Scripts.
The con artists behind telephone repair scams often reuse the same script, which often begins: "I'm calling from Microsoft. We've had a report from your Internet service provider of serious virus problems from your computer."
One reader emailed Saturday to say that he'd received "an almost word for word phone call on my landline." After hanging up, he alerted his telephone company. "All they could offer was ... a call trace, and to notify my local police. Which I may pursue," he said.
2. South African Targeted By StartControl.
Another reader, a retired South African systems programmer, emailed last week to report that he'd been targeted by telephone scammers offering technical support. First, they asked him to press the Windows start button, then enter this URL: www.startcontrol.com. That took his browser to a site labeled as "BeAnywhere support express," which prominently features the following message: "Please insert the reference supplied to you," with the reference referring to a six-digit PIN. "They even give you a six-digit PIN, that's where I stopped them, 19 minutes later," he said.
BeAnywhere is legitimate remote-control software. But who is Startcontrol.com? According to Alexa, Startcontrol.com has been operating for 10 years and ranks in the top 3.8 million of all websites globally. It appears that 77% of search engine traffic to the site involves Arabic speakers. A link to the website's "Termos of Service," however, led to a "server error: 404 - File or directory not found" message.
The site's whois listing says that the domain was registered by GoDaddy, which lists the site's administrative and technical contact as being based in Portugal. But an email sent to the listed whois contact bounced back with an error message that the account didn't exist. Likewise, the telephone number listed in the whois entry appears to be bogus; a call to that number led to BSPI - Intelligent Business Solutions. An employee at the firm said his company, which resells Sophos security products, has no affiliation with startcontrol.com, and that he'd never before heard of the company.
GoDaddy.com didn't immediately respond to an abuse report filed Friday morning for www.startcontrol.com.
3. Support Routines Might Be Real-Time Smokescreens.
One risk from allowing scammers to install software on your PC is that the support application might be used to disguise fraudulent activities. In April, for example, a reader emailed to say he'd been cold-called by someone claiming to be a Microsoft representative, warning that he had numerous viruses on his computer. The caller offered to remove the viruses and get the PC running like new for free, provided he renew his software.
"He then [asked] for card info which I gave him. Then I [got] an email from Western Union of a transfer of money which I did not authorize so I [checked] my account and found he had taken $882 out," said the reader. "I called Western Union about it and they said there was nothing they could do as the money was picked up and they could not give me the name of who got it."
The supposed virus-killing offer seemed to mask fraudulent activity. "He went so far as to show me all the errors he found but, while the program was supposed to be loading, my screen was black and I suspect that was when he was hitting my account," he said.
4. Telephone Scams: Cheap, Easy, Repeatable.
Microsoft support scams succeed in part because they're cheap and easy to run. International call centers -- think boiler rooms -- are often used, situated in an inexpensive labor market such as India, and facilitated via low-cost VoIP telephony.
Thankfully, consumer watchdogs have been mobilizing. Last year, the Federal Trade Commission cracked down on some tech support scams, filing charges and freezing assets associated with 14 businesses and 17 people. It said the scam operations had successfully conned tens of thousands of English-speaking consumers in the United States, as well as Australia, Canada, Ireland, New Zealand and the United Kingdom, into paying between $49 and $450 for fake services.
At the time, the FTC detailed how many of these scam artists operate: "When consumers agreed to pay the fee for fixing the problems, the telemarketers directed them to a website to enter a code or download a software program that allowed the scammers remote access to the consumers' computers," according to the FTC. "Once the telemarketers took control of the consumers' computers, they removed the non-existent malware and downloaded otherwise free programs."
5. Technobabble Warnings: Frozen DNS Trojan.
Obviously, support scams often succeed because many consumers don't understand Windows information security intricacies. But con artists often operate on the edge of believability, slowly reeling in even technologically savvy targets, who they might have caught unaware with an impromptu phone call.
One reader, for example, emailed earlier this year to say the lure of free technical support -- no apparent harm there -- initially caught her off guard. "I just received one of those scam calls from an 800 number obviously from someone in India trying to tell me my computer was infected with a frozen DNS Trojan -- originally he said virus but switched to Trojan later in the call," she said. "I didn't fall for it at all but was curious enough to find out exactly what he was up to. Eventually I told him I knew he was a scammer and didn't believe a word he was saying and hung up."
Technobabble aside, she reported almost falling for the scam. "I'm relatively computer savvy and for a brief second I wondered if this was for real," she said. "So if I could be duped (even for a split second) I can see how people get pulled into this type of scam especially when the scammer tries to tell you this is all free for him to show you are infected with this virus or Trojan."
6. Virus Scanners Fake Results.
To try to get their way, scammers might bring psychological pressure to bear. For example, when Jerome Segura, senior malware researcher at Malwarebytes, was cold-called by tech support con artists he gave them access to a virtual machine. They flew into repair rage when he refused to pay $229 following their fake ministrations. "They got mad and deleted documents and pictures from my (virtual) machine before cutting me off in a very rude way," he said in a blog post.
Fake bells and whistles might also be employed. This month, for example, Segura said he decided to call a tech-support number that flashed up in a pop-up advertisement window, just to see where it might lead. As before, he gave the tech support person who answered remote access to his PC -- not telling him it was a fully cleaned and isolated virtual machine -- on which he installed, as instructed, TeamViewer software, through which the supposed tech-support agent accessed the PC, then ran a downloaded scanner. Just two seconds later, the scanner reported extensive virus infections. Segura said his analysis of the scanner's database found that it was stuffed with false positives which "aren't just accidents, but clearly used to add some drama."
Added drama or not, don't fall for tech-support scams.
