300 victims report fake support calls to security org
Internet Storm Center collects info on scam for research
Computerworld - The Internet Storm Center (ISC), an arm of the SANS Technology Institute, has started collecting reports of fake support calls in an attempt to figure out how prevalent the scam is among computer owners.
"We are trying to better understand how common 'Fake Tech Support' calls are, and what they are trying to achieve," the security organization said on its website last week.
ISC has published a form where users can report an attempted or successful scam, with fields asking for information on the gender of the caller; whether they have a strong accent, perhaps indicating that the call originated outside the U.S.; whether the caller asked the user to allow remote access to the PC; and whether they requested a credit card.
In the five days since ISC posted the form, it has collected nearly 300 reports, according to a statistics page.
Nearly 93% of the calls were conducted by a human, 84% of the callers were male, and 91% had a discernible accent, ISC said.
Almost half -- 45% -- of the callers asked the user to allow remote access to the PC, but only 15% tried to pry credit card data from the victim. The latter's low percentage was at odds with email that Computerworld has received from readers, but may hint at the ISC website audience's higher level of technical expertise: Those reporting scams to ISC may have ended the call before the swindler asked for a credit card.
Unsolicited support calls have continued to plague computer owners, particularly consumers and small businesses.
The scams are based on a combination of aggressive sales tactics, lies and half-truths. Callers pose as computer support technicians, often from Microsoft, but also from name-brand computer makers such as Dell or large security companies like Symantec, and try to fool people into believing that their computer is infected, often by having them look at a Windows log that typically shows scores of harmless or low-level errors. At that point, the sale pitch starts, with the caller trying to convince the consumer to download software or let the "technician" remotely access the PC.
The con artists charge for their "help" and often get people to pay for worthless software or services. The software may be worse than useless, as some scammers plant malware that steals online account information and passwords from the PC.
Not every fake support scam starts with the victim's phone ringing: Some people find phone numbers after searching the Web with phrases like "Microsoft tech support," and find results that lead to disreputable firms, not the Redmond, Wash. company's help desk.
"I have had three customers fall for the scam and they initiated it," said Nat Garrison, Jr., a North Carolina computer consultant, in an email to Computerworld last month. "Two of them were trying to get technical support for Microsoft Outlook and the third was trying to add another license to his Office 365. All three of them used Google to find the phone number for Microsoft's technical support. They all got connected to someone with a strong Indian accent who wanted to remotely connect to their computers."
ISC said that it may share the collected information with other researchers tracking the scams. "We had one university request a data dump," said Johannes Ullrich, SANS' chief research officer, in an email reply to questions Tuesday. "They where looking at some trends along the lines of what we have [in our statistics] summary."
The scam data project and the ISC reporting form can be found on its website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts