Two students at Stony Brook University and their teacher spent 8 months collecting data and learning the ins and outs of tech support scams. What they discovered is a high-level network supported by online advertising that spreads malware (malvertising) and abuses businesses and people around the globe.
The students built a custom tool they called RoboVic, which performed a “systematic analysis of technical support scam pages: identified their techniques, abused infrastructure and campaigns.” RoboVic records requests and responses and also clicks pop-ups, which are central to most tech-support scams.
These scams usually offer tech support via phone or online to innocent users under the guise of a support worker from Microsoft, Apple, or another big brand. The scam starts off with a pop-up, followed by another pop-up that makes users believe they have a virus and offers a phone number to call to protect their computer. Sometimes, these scams even go as far as turning the computer screen blue, as if there were an actual virus.
As we said earlier, many of these scams originate from ads on genuine websites. This gives the scammers a chance to attack someone who thinks they’re safe browsing a well-known company’s site. The average amount of money asked for during the study was right around $300, but the prices ranged from $70 to $1,000!
“Technical support scam is a multi-channel scam that benefits from both the telephony channel and web channel to spread and perform the attack and it makes it difficult to track it and take it down,” said study co-author Najmeh Miramirkhani, a PhD Computer Science student at Stony Brook.
Over the course of the eight-month study, the two students, posing as inexperienced users, called about 60 scammers and gathered information on the scammers’ techniques and conduct. What was the most interesting thing they found? That very few of these scammers were operating solo, which means the majority are working together as part of huge systematized call centers.
“We discovered that scammers abuse popular remote administration tools (81% of scammers rely on two specific software products), to gain access to user machines where they then patiently attempt to convince users that they are infected with malware. We found that, on average, a scammer takes 17 minutes, using multiple social engineering techniques mostly based on misrepresenting OS messages, to convince users of their infections and then proceeds to request an average of $290.9 for repairing the ‘infected’ machines,” the authors said in their paper.
This sort of scam is showing no signs of decline, Miramirkhani says.
“So far, we collected more than 25K scam domains and thousands of scam phone numbers and we [have] evidence that this threat is not going to decrease soon and it still has an increasing trend,” Miramirkhani said.
The authors stress that it’s important to educate individuals on how to avoid these types of scams, and suggest measures such as a browser extension that warns users about scam sites or a general education program. While older people and individuals unfamiliar with technology are the most vulnerable, the most important thing for everyone is training in how to spot this multichannel scam.
According to the Microsoft website, here are some tips on protecting yourself from tech support scams:
- Do not purchase any software or services.
- Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
- Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- Take the person’s information down and immediately report it to your local authorities.
- Never provide your credit card or financial information.
Another easy way to protect yourself is updating your computer. If you’re using an old laptop or computer, it may not be able to run certain anti-virus programs or other things of that nature. Also, make sure all software on your computer is up to date, as that may help to fend off hacking attempts as well.
It’s important to remain educated and current on these types of scams. People who are unfamiliar with the internet are the most vulnerable in situations like these, as it takes a trained eye to see the difference between a scam attack and reality. Learning the subtle differences between the two can be difficult, so it’s important to remain vigilant and, as always, trust your gut. These types of scams are incredibly prevalent; we get calls several times a week from OUR clients telling us that they have been duped by a spoof tech support website… be on the lookout!
Source: https://www.onthewire.io/inside-the-tech-support-scam-ecosystem/
Excellent informative article written in English! I’d love to see more articles like this from you guys because I want to be educated and I trust you as a reliable source.
Thanks
Ina
Thanks Ina! We try to keep our clients informed on trends that we see.
Thanks,
David
While it’s nice to be warned about such scams, there were not any helpful tips as to how to recognize dangerous links in advance or what to do if such a pop-up appears. Or did I miss them…?
Richard, you are correct in that the blog post did not have any tips to recognize these spoof or scam websites. We will update the posting based on your suggestion – thanks!
David