300 victims report fake support calls to security org
Internet Storm Center collects info on scam for research
Computerworld - The Internet Storm Center (ISC), an arm of the SANS Technology Institute, has started collecting reports of fake support calls in an attempt to figure out how prevalent the scam is among computer owners.
"We are trying to better understand how common 'Fake Tech Support' calls are, and what they are trying to achieve," the security organization said on its website last week.
ISC has published a form where users can report an attempted or successful scam, with fields asking for information on the gender of the caller; whether they have a strong accent, perhaps indicating that the call originated outside the U.S.; whether the caller asked the user to allow remote access to the PC; and whether they requested a credit card.
In the five days since ISC posted the form, it has collected nearly 300 reports, according to a statistics page.
Nearly 93% of the calls were conducted by a human, 84% of the callers were male, and 91% had a discernible accent, ISC said.
Almost half -- 45% -- of the callers asked the user to allow remote access to the PC, but only 15% tried to pry credit card data from the victim. The latter's low percentage was at odds with email that Computerworld has received from readers, but may hint at the ISC website audience's higher level of technical expertise: Those reporting scams to ISC may have ended the call before the swindler asked for a credit card.
Unsolicited support calls have continued to plague computer owners, particularly consumers and small businesses.
The scams are based on a combination of aggressive sales tactics, lies and half-truths. Callers pose as computer support technicians, often from Microsoft, but also from name-brand computer makers such as Dell or large security companies like Symantec, and try to fool people into believing that their computer is infected, often by having them look at a Windows log that typically shows scores of harmless or low-level errors. At that point, the sale pitch starts, with the caller trying to convince the consumer to download software or let the "technician" remotely access the PC.
The con artists charge for their "help" and often get people to pay for worthless software or services. The software may be worse than useless, as some scammers plant malware that steals online account information and passwords from the PC.
Not every fake support scam starts with the victim's phone ringing: Some people find phone numbers after searching the Web with phrases like "Microsoft tech support," and find results that lead to disreputable firms, not the Redmond, Wash. company's help desk.
"I have had three customers fall for the scam and they initiated it," said Nat Garrison, Jr., a North Carolina computer consultant, in an email to Computerworld last month. "Two of them were trying to get technical support for Microsoft Outlook and the third was trying to add another license to his Office 365. All three of them used Google to find the phone number for Microsoft's technical support. They all got connected to someone with a strong Indian accent who wanted to remotely connect to their computers."
ISC said that it may share the collected information with other researchers tracking the scams. "We had one university request a data dump," said Johannes Ullrich, SANS' chief research officer, in an email reply to questions Tuesday. "They where looking at some trends along the lines of what we have [in our statistics] summary."
The scam data project and the ISC reporting form can be found on its website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts