How the "tech support" scam works

Security researchers at Stony Brook deliberately visited websites that try to trick visitors into thinking that their computers are broken, urging them to call a toll-free "tech support" number run by con artists that infect the victim's computer with malware, lie to them about their computer's security, and con them out of an average of $291 for "cleanup services."

The researchers presented their findings -- including recordings and transcripts of their interactions with the con artists -- in a paper called Dial One for Scam: A Large-Scale Analysis of Technical Support Scams, which they presented at this year's Network and Distributed Systems Security Symposium. Over the course of 60 calls, they found that the con artists all followed a narrow script. By backtracking the con artists' connections to their PCs, the researchers were able to determine that the majority of the scammers (85%) are in India, with the remainder in the USA (10%) and Costa Rica (5%).

The researchers found 22,000 instances of the scam, but they all shared about 1,600 phone numbers routed primarily through four VoIP services: Twilio, WilTel, RingRevenue, and Bandwidth. They also used multiple simultaneous dial-ins and counted the busy signals as a proxy for discovering which numbers led to the most organized gangs.

Once connected, the scammers would click around the would-be victim’s computer and ask about recent usage, implying that whatever the caller had done had led to the machine’s corruption. They’d praise the computer’s underlying hardware, to give the victim a sense that cleaning up its infections would be worth the money. Then they’d point to entirely normal but obscure features of the operating system—listing Windows’ “stopped” services, Netstat scans, Event Viewer, and so on—as evidence of malware or hacker intrusions. Finally, they’d tell the victims about pricing plans for cleanup services, which averaged $291.

Dial One for Scam: A Large-Scale Analysis of Technical Support Scams [Najmeh Miramirkhani, Oleksii Starov and Nick Nikiforakis/Stony Brook]

Listen to ‘Tech Support’ Scam Calls That Bilk Victims Out of Millions [Andy Greenberg/Wired]

(Image: Callcentre, Petiatil, PD)

Notable Replies

  1. I have an app that pretty much stops all scams and malware.

    It's called Common Sense 2017 (I update it yearly).

  2. These are true scumbags who prey on the elderly. Somehow my mother got on their sucker list, and for years they've been calling at least a couple of times a week demanding payment for their "help."

    When I'm visiting her and they call, I like to pick up the phone and mess with them. So there's some small entertainment value in it.

  3. I kept the guy on the phone for almost 20 minutes, explaining that I knew what he was doing, and questioning whether it was ethically and religiously defensible in his own cultural terms. He was Hindu & Indian by birth, and I'm reasonably familiar with the ethos, so I had him pretty worked up after a while. I told him I'd pray for him, and that I hoped his family never found out that he was actively helping wealthy people commit crimes against the weak and elderly, and that he was almost certainly condemning himself to a lower incarnation in the next hundred lives, and just generally tried to provide a negative experience that would stick with him. I never raised my voice or said anything aggressive at all, just kept saying things like "I understand you need the money, but you are doing this for a boss, does the boss need the money, or is he an immoral person that you are helping?" and stuff like that.

  4. I play it all horrified. Just responding with "A virus? On my computer? Oh dear, that's awful. What IP address do you see it coming from?" is good for 5 minutes of scrambling on the other other end. It invariably results in a response of "" followed by my laughter followed by some clumsy cursing in broken English.

  5. One really sad thing about this is that I know it's a scam because even legitimate tech support for things I've bought have never been able to help me with anything.

Continue the discussion

10 more replies