300 victims report fake support calls to security org
Internet Storm Center collects info on scam for research
Computerworld - The Internet Storm Center (ISC), an arm of the SANS Technology Institute, has started collecting reports of fake support calls in an attempt to figure out how prevalent the scam is among computer owners.
"We are trying to better understand how common 'Fake Tech Support' calls are, and what they are trying to achieve," the security organization said on its website last week.
ISC has published a form where users can report an attempted or successful scam, with fields asking for information on the gender of the caller; whether they have a strong accent, perhaps indicating that the call originated outside the U.S.; whether the caller asked the user to allow remote access to the PC; and whether they requested a credit card.
In the five days since ISC posted the form, it has collected nearly 300 reports, according to a statistics page.
Nearly 93% of the calls were conducted by a human, 84% of the callers were male, and 91% had a discernible accent, ISC said.
Almost half -- 45% -- of the callers asked the user to allow remote access to the PC, but only 15% tried to pry credit card data from the victim. The latter's low percentage was at odds with email that Computerworld has received from readers, but may hint at the ISC website audience's higher level of technical expertise: Those reporting scams to ISC may have ended the call before the swindler asked for a credit card.
Unsolicited support calls have continued to plague computer owners, particularly consumers and small businesses.
The scams are based on a combination of aggressive sales tactics, lies and half-truths. Callers pose as computer support technicians, often from Microsoft, but also from name-brand computer makers such as Dell or large security companies like Symantec, and try to fool people into believing that their computer is infected, often by having them look at a Windows log that typically shows scores of harmless or low-level errors. At that point, the sale pitch starts, with the caller trying to convince the consumer to download software or let the "technician" remotely access the PC.
The con artists charge for their "help" and often get people to pay for worthless software or services. The software may be worse than useless, as some scammers plant malware that steals online account information and passwords from the PC.
Not every fake support scam starts with the victim's phone ringing: Some people find phone numbers after searching the Web with phrases like "Microsoft tech support," and find results that lead to disreputable firms, not the Redmond, Wash. company's help desk.
"I have had three customers fall for the scam and they initiated it," said Nat Garrison, Jr., a North Carolina computer consultant, in an email to Computerworld last month. "Two of them were trying to get technical support for Microsoft Outlook and the third was trying to add another license to his Office 365. All three of them used Google to find the phone number for Microsoft's technical support. They all got connected to someone with a strong Indian accent who wanted to remotely connect to their computers."
ISC said that it may share the collected information with other researchers tracking the scams. "We had one university request a data dump," said Johannes Ullrich, SANS' chief research officer, in an email reply to questions Tuesday. "They where looking at some trends along the lines of what we have [in our statistics] summary."
The scam data project and the ISC reporting form can be found on its website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Cybercrime and Hacking White Papers | Webcasts