Security researchers at Stony Brook deliberately visited websites that try to trick visitors into thinking that their computers are broken, urging them to call a toll-free "tech support" number run by con artists that infect the victim's computer with malware, lie to them about their computer's security, and con them out of an average of $291 for "cleanup services."
The researchers presented their findings -- including recordings and transcripts of their interactions with the con artists -- in a paper called Dial One for Scam: A Large-Scale Analysis of Technical Support Scams, which they presented at this year's Network and Distributed Systems Security Symposium. Over the course of 60 calls, they found that the con artists all followed a narrow script. By backtracking the con artists' connections to their PCs, the researchers were able to determine that the majority of the scammers (85%) are in India, with the remainder in the USA (10%) and Costa Rica (5%).
The researchers found 22,000 instances of the scam, but they all shared about 1,600 phone numbers routed primarily through four VoIP services: Twilio, WilTel, RingRevenue, and Bandwidth. They also used multiple simultaneous dial-ins and counted the busy signals as a proxy for discovering which numbers led to the most organized gangs.
Once connected, the scammers would click around the would-be victim’s computer and ask about recent usage, implying that whatever the caller had done had led to the machine’s corruption. They’d praise the computer’s underlying hardware, to give the victim a sense that cleaning up its infections would be worth the money. Then they’d point to entirely normal but obscure features of the operating system—listing Windows’ “stopped” services, Netstat scans, Event Viewer, and so on—as evidence of malware or hacker intrusions. Finally, they’d tell the victims about pricing plans for cleanup services, which averaged $291.
Dial One for Scam: A Large-Scale Analysis of Technical Support Scams [Najmeh Miramirkhani, Oleksii Starov and Nick Nikiforakis/Stony Brook]
Listen to ‘Tech Support’ Scam Calls That Bilk Victims Out of Millions [Andy Greenberg/Wired]
(Image: Callcentre, Petiatil, PD)