Microsoft cites 24% jump in tech support scams

According to the FBI, cybercrooks have changed tactics and sometimes pose as government agents or tech support reps for GPS, printer or cable companies, or virtual currency exchangers.

Reports of tech support scams jumped by 24% last year, Microsoft said, with losses by the bilked averaging between $200 and $400 each.

"Scammers continue to capitalize on the proven effectiveness of social engineering to perpetrate tech support scams," Erik Wahlstrom, Windows Defender research project manager, wrote in a post last week to a Microsoft blog. "These scams are designed to trick users into believing their devices are compromised or broken. They do this to scare or coerce victims into purchasing unnecessary support services."

Wahlstrom's post accompanied a presentation on tech support schemes that he gave the same day at the RSA Conference in San Francisco.

According to company data, Microsoft received 153,000 reports from customers who had encountered or fallen for tech support scams in 2017, an increase of nearly a quarter over the year prior. Of that number, approximately 15,000 - or about 1 in 10 - admitted that they'd lost money from such scams. With the range of losses Wahlstrom described, that meant Microsoft's customers paid out between $3 million and $6 million to criminals.

And that was only what was reported, and only to Microsoft. "As with many social engineering attacks, it's tricky to put an absolute number to the problem," Wahlstrom said. "The problem is so much bigger [than just Microsoft], given that tech support scams target customers of various other devices, platforms, or software."

Traditionally, support scams have relied on cold calls, where phony "technicians" dial numbers hoping to get someone to answer. But as they have outworn that tactic due to repetition and the ensuing attention, scammers have taken to other approaches, including email, malicious sites that pose as legitimate security services, malware whose purpose is to fleece individuals, and ransomware attackers.

All those vectors were designed to lead a potential victim to a call center. There, the supposed tech representative, often self-identifying as with Microsoft, Symantec or another easily-recognized technology company, tries to trick victims into believing that their computer is infected. At that point, the sale pitch starts, with the call center scammer trying to convince the consumer or business worker to download software or let the "technician" remotely access the PC.

Then the fraudsters charge for their worthless one-time "help," sell subscriptions to useless services or install code while they have the machines under their control.

It's a lucrative crime.

According to a late March bulletin from the FBI's Internet Crime Complaint Center, complaints last year cited losses of nearly $15 million, an 86% increase of the year before.

And, said the FBI, the crooks have continued to expand into virgin territories. "Criminals have started to pose as government agents, even offering to recover supposed losses related to tech support fraud schemes," the agency said. "Some recent complaints involve criminals posing as technical support representatives for GPS, printer, or cable companies, or support for virtual currency exchangers."

That last could be especially profitable for the scammers. When victims dialed a virtual currency support number - obtained through general web searches - they actually reached a call center, where a representative asked for access to the caller's "wallet," then transferred the digital-currency to another wallet, said the FBI, "for temporary holding during maintenance." Of course, that would be the last time the victim saw that money.

tech support scams attack chain Microsoft

All vectors in tech scams lead to a call center sooner or later. That's where pushy "technicians" try to trick people out of their treasure. 

In a PowerPoint slide deck that Wahlstrom used for his RSA talk - video of his presentation was not available - he argued that although Microsoft can detect signals that a scamming cold call is in progress, including JavaScript tricks the current site may use or the offering of online payment, warning the potential victim, at least at that point, may not be the solution.

"Ramping up notifications is exactly the wrong thing to do," "people don't want to be informed" and "We can block but should we?" stated one of the PowerPoint slides.

Instead, Wahlstrom contended in his blog post, the problem is one that requires attention from many players. "Beyond customer education, the scale and complexity of tech support scams require cooperation and broad partnerships across the industry," he said. "It's high time for the industry to come together and put an end to the tech support scam problem."

Copyright © 2018 IDG Communications, Inc.

Shop Tech Products at Amazon