A technical support scam refers to any class of telephone fraud activities in which a scammer claims to offer a legitimate technical support service, often via cold calls to unsuspecting users. Such calls are mostly targeted at Microsoft Windows users, with the caller often claiming to represent a Microsoft technical support department. In English-speaking countries such as the United States, Canada, United Kingdom, Ireland, Australia and New Zealand, such cold call scams have occurred as early as 2008 and primarily originate from call centers in India. The scammer will typically attempt to get the victim to allow remote access to their computer. After remote access is gained, the scammer relies on confidence tricks, typically involving utilities built into Windows and other software, in order to gain the victim's trust to pay for the supposed "support" services. The scammer will often then steal the victim's credit card account information or persuade the victim to log in to their online banking account to receive a promised refund, only to steal more money, claiming that a secure server is connected and that the scammer cannot see the details. Many schemes involve convincing the victim to purchase expensive gift cards and then to divulge the card information to the scammer.
Technical support scams typically rely on social engineering. Scammers use a variety of confidence tricks to persuade the victim to install remote desktop software (often by informing the victim that the scammer is connecting the computer to a "secure server"), with which the scammer can then take control of the victim's computer. With this access, the scammer may then launch various Windows components and utilities (such as the Event Viewer), install third-party utilities (such as rogue security software) and perform other tasks in an effort to convince the victim that the computer has critical problems that must be remediated, such as infection with a virus. The scammer will urge the victim to pay, with a credit card or gift card, so the issues may be "fixed".[1][2][3]
Technical support scams can begin in a variety of ways.[2][4] A scam most commonly begins with a cold call, usually claiming to be associated with a legitimate-sounding third party, with a name like "Microsoft", "Windows Technical Support" or "HP Support".[5] Scammers have also lured victims by purchasing keyword advertising on major search engines (with ads triggered by phrases such as "Microsoft live chat", "Facebook support", or "Outlook login help"), though both Bing and Google have taken steps to restrict such schemes. Other techniques include email spamming and cybersquatting to lead potential victims to web pages containing scammers' phone numbers.[6][7] Some scams have been initiated via pop-up ads on infected websites instructing the potential victim to call a number. These pop-ups often closely resemble legitimate error messages such as the Blue Screen of Death.[8][9]
While normally following a script, the scammer usually instructs the victim to download and install a remote access program, such as TeamViewer, AnyDesk, LogMeIn, GoToAssist,[10] etc. With the software installed, the scammer convinces the victim to provide them with the remote access software's credentials or other details required to initiate a remote-control session, giving the scammer complete control of the victim's desktop.[1][11]
After gaining access, the scammer attempts to convince the victim that the computer is suffering from problems that must be repaired, most often as the putative result of malicious hacking activity. Scammers use several methods to misrepresent the content and significance of common Windows tools and system directories as evidence of malicious activity, such as viruses and other malware. Normally the elderly and other vulnerable parties, such as those with limited technical knowledge, are targeted for technical support scams.
tree or dir /s command, which displays an extensive listing of files and directories. The scammer may claim that the utility is a malware scanner, and while the tool is running, the scammer will enter text purporting to be an error message (such as "security breach ... trojans found") that will appear when the job finishes, or into a blank Notepad document.[13]
assoc, which lists all file associations on the system, displays this association with the line ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}; this GUID is the same on all versions of Windows. The scammer may claim that this is a unique ID used to identify the user's computer, or claim that the CLSID listed is actually a "Computer Licence Security ID" that must be renewed.[14][15]
syskey utility and configure a startup password known only to the scammer, thereby locking the victim out of their own system after the computer is rebooted.[16][17] As syskey is only present in Windows versions previous to Windows 10, the scammer may force the user to become locked out by installing a keylogger and changing the user's account password and/or setting a PIN login requirement if the victim's computer runs on Windows 10.[18]
system32, making the computer unusable until the operating system has been reinstalled.
netstat command in a terminal/command window, which shows local and foreign IP addresses. The scammer then tells the victim that these addresses belong to hackers that have intruded the computer.
rundll32.exe is a virus. Often, the scammer will search the web for an article about the Windows process and will scroll to a section saying that the process name can also possibly be part of malware, even though the victim's computer does not contain that malware.
These tricks are meant to target victims who may be unfamiliar with the actual uses of these tools, such as inexperienced users and senior citizens—especially when the scam is initiated by a cold call.[1][5][19] The scammer then coaxes the victim into paying for the scammer's services or software, which they claim is designed to "repair" or "clean" the computer but is actually malware that infects it or software that causes other damage, or does nothing at all.[20] The scammer may gain access to the victim's credit card information, which can be used to make additional fraudulent charges. Afterward, the scammer may also claim that the victim is eligible for a refund, and request the user's bank account information—which is instead used to steal more money from the victim, rather than providing the promised refund.[2][4][5][12][21][22] Alternatively, a scammer may attempt to request payment using gift cards for online platforms such as Amazon.com, Google Play, and iTunes Store.[23][24]
Some technical support scammers may surreptitiously open the victim's webcam in order to see what their victim looks like. They may also configure TeamViewer or other remote access clients for unattended access to the user's computer, so that they may return later and try to harass or intimidate a victim.
Unlike legitimate companies, scammers may become belligerent if their targets show resistance or refuse to follow instructions or pay, and may insult, threaten[25][26] or even blackmail the user into paying them. Crimes threatened to be inflicted on victims or their families by scammers have ranged from theft, fraud and extortion,[27] to serious crimes such as assault, rape[28] and murder. Canadian citizen Jakob Dulisse reported to CBC that, upon asking the scammer why he had been targeted, the scammer responded with a death threat: 'Anglo people who travel to the country' (India) were 'cut up in little pieces and thrown in the river.'[29][30]
In an investigation conducted by Symantec employee Orla Cox, it was revealed that after Cox paid the fee for the scammer to remove the nonexistent "malware" infections, the scammers merely cleared the log in the Event Viewer and disabled Windows' event logging feature. This means only that errors would no longer appear in the Event Viewer; had malware actually existed on Cox's computer, it would have remained intact.[31]
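The log clearing and logging shutdown described above, together with the unattended remote access setup mentioned earlier, leave standard Windows event records behind: 1102 (Security audit log cleared), 104 (a log file was cleared), 7040 (service start type changed) and 7045 (service installed). The following triage sketch is an added example, not part of the original article; the record layout, field names and sample events are constructed assumptions.

```python
# Constructed sample records shaped like an exported Windows event log.
# The field names and message texts are assumptions of this example.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T14:02:11", "log": "System", "event_id": 7045,
     "message": "A service was installed in the system. Service Name: TeamViewer"},
    {"time": "2024-05-01T14:40:03", "log": "System", "event_id": 104,
     "message": "The Application log file was cleared."},
    {"time": "2024-05-01T14:40:09", "log": "Security", "event_id": 1102,
     "message": "The audit log was cleared."},
    {"time": "2024-05-01T14:41:30", "log": "System", "event_id": 7040,
     "message": "The start type of the Windows Event Log service was changed "
                "from auto start to disabled."},
    {"time": "2024-05-01T15:10:00", "log": "System", "event_id": 7045,
     "message": "A service was installed in the system. Service Name: Printer Helper"},
]
REMOTE_TOOLS = ("teamviewer", "anydesk", "logmein", "gotoassist")  # named in the article

def classify(event):
    """Return a finding for one record, or None if it is not of interest."""
    eid, log, msg = event["event_id"], event["log"], event["message"].lower()
    if (log, eid) in (("Security", 1102), ("System", 104)):
        return "event log cleared"
    if log == "System" and eid == 7040 and "event log" in msg and "to disabled" in msg:
        return "event logging disabled"
    if log == "System" and eid == 7045:
        for tool in REMOTE_TOOLS:
            if tool in msg:
                return f"remote access service installed ({tool})"
    return None

def triage(events):
    """Return (time, finding) pairs in chronological order."""
    ordered = sorted(events, key=lambda e: e["time"])
    return [(e["time"], f) for e in ordered if (f := classify(e))]

def log_tampering_after_remote_access(findings):
    """True when a log clear or logging disable follows a remote access install."""
    seen_remote = False
    for _, finding in findings:
        if finding.startswith("remote access"):
            seen_remote = True
        elif seen_remote:
            return True
    return False

if __name__ == "__main__":
    results = triage(SAMPLE_EVENTS)
    for when, what in results:
        print(when, what)
    print("tampering after remote access:", log_tampering_after_remote_access(results))
```

A remote access service that the owner did not knowingly install, followed by cleared or disabled logging, is a reason to remove the tool, re-enable the Event Log service and review the machine's accounts and saved credentials.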
The great majority of the complaints and discussion about companies that cold-call and offer "technical support"[32] report them as being not merely incompetent or ineffective, but actively dishonest, doggedly trying to convince the victim of non-existent problems by trickery and, when possible, damaging the computer to which they gain access.[2][33][34] Computer-support companies advertise on search engines like Google and Bing,[32][35] but some are heavily criticised, sometimes for practices similar to those of the cold callers. One example is the India-based company iYogi, which has been reported by InfoWorld to use scare tactics and install undesirable software.[36][37] In December 2015, the state of Washington sued iYogi's US operations for scamming consumers and making false claims in order to scare the users into buying iYogi's diagnostic software.[38] iYogi, which was required to respond formally by the end of March 2016,[39] said before its response that the lawsuit filed was without merit.[40] In September 2011, Microsoft dropped Comantra, a Gold Partner, from its Microsoft Partner Network following accusations of involvement in cold-call technical-support scams.[41]
In December 2014, Microsoft filed a lawsuit against a California-based company operating such scams for "misusing Microsoft's name and trademarks" and "creating security issues for victims by gaining access to their computers and installing malicious software, including a password grabber that could provide access to personal and financial information".[42] In an effort to protect consumers, Microsoft-owned advertising network Bing Ads (which services ad sales on Bing and Yahoo! Search engines)[43][44] amended its terms of service in May 2016 to prohibit the advertising of third-party technical support services or ads claiming to "provide a service that can only be provided by the actual owner of the products or service advertised".[6][45] Google Search followed suit in August 2018, but went further by banning any advertising related to technical support, regardless of source, citing that it had become too difficult to differentiate legitimate providers from scams.[46]
As a result of the country formerly being a territory of the British Empire, as well as a strong presence of English taught as a second language and a vast urban population, India has millions of English speakers who are competing for relatively few jobs. One municipality had 114 jobs and received 19,000 applicants.[47] This high level of unemployment serves as an incentive for tech scamming jobs, which can be lucrative. Many scammers do not realize they are applying for tech scam jobs, but many often stay and continue to scam people even after they realize what they are doing. When one tech scammer was asked why she continues to work for scammers she replied, "You think because the people who run these call centres are making so much money every day, you might as well make some of it while you are here."[47] When the BBC interviewed another tech scammer in India and asked why he victimized people he replied, "It was easy money," and then went on to detail how he bought fancy cars and designer clothes.[48] Scammers in India often convince themselves that they are targeting wealthy people in the West, and that this justifies their theft.[48] In March 2020 the BBC published a joint sting operation with grey hat hacker and scambaiter Jim Browning, in which they managed to get access to a scam call center located in the Gurugram suburb of Delhi. Browning managed to hack the security cameras of the scam call center and recorded the internal functions of the operation, including a meeting that the owner, Amit Chauhan, held with associates in which they discussed the details of their criminal activities.[48]
Tech support scammers are regularly targeted by scam baiting[49] both online and offline, with individuals seeking to raise awareness of these scams by uploading recordings on platforms like YouTube and cause scammers inconvenience by wasting their time and disrupting their operations.
Advanced scam baiters may infiltrate the scammer's computer, then disable it by deploying RATs, distributed denial of service attacks and destructive computer viruses. Scam baiters may also attempt to lure scammers into exposing their unethical practices by leaving dummy files or malware disguised as confidential information, such as credit/debit card information and passwords, on a virtual machine for the scammer to attempt to steal, only for the scammer to become infected. Sensitive information important to carrying out further investigations may be retrieved, and additional information on the rogue firm may then be posted or compiled online to warn potential victims.[50]
In November 2017, a company called Myphonesupport initiated a petition seeking the identities of John Doe defendants in a New York case involving a telephonic denial-of-service attack against its call centers. The case has since been disposed.[51]
In March 2020, an anonymous YouTuber under the alias Jim Browning successfully infiltrated and gathered drone and CCTV footage of a fraudulent call centre scam operation through the help of fellow YouTube personality Karl Rock. Through the aid of the British documentary programme Panorama, a police raid was carried out when the documentary was brought to the attention of assistant police commissioner Karan Goel,[52] leading to the arrest of call centre operator Amit Chauhan who also operated a fraudulent travel agency under the name "Faremart Travels".
Kitboga is an American scambaiter who regularly streams videos on Twitch and uploads highlights on YouTube. He began baiting in mid-2017 after he found out that his grandmother was a victim of many types of scams designed to prey on the elderly, both online and in-person. To misdirect scammers away from his real identity, as well as for viewer entertainment, Kitboga often acts as a number of characters during his videos, including an 80-year-old grandmother named Edna[53] or a valley girl named Nevaeh,[54] using a voice modulator.[55] In his videos, Kitboga engages in scambaiting several types of scammers, a majority of whom operate call centers in India. Besides technical support scammers, he also engages with refund scammers, IRS scammers, and others. He has also targeted telephone scammers marketing fake cures for COVID-19.[55]