Tuesday, 03 July 2018


A technical support scam refers to a class of telephone fraud in which scammers claim to offer legitimate technical support services, often through cold calls to unsuspecting users. Such cold calls mostly target Microsoft Windows users, with callers often claiming to represent Microsoft's technical support department.

In English-speaking countries such as the United States, Canada, the United Kingdom, Ireland, Australia and New Zealand, such cold call frauds have occurred in early 2008 and have mainly come from call centers in India.

Scammers will usually attempt to get victims to allow remote access to their computers. Once remote access is obtained, the scammer relies on confidence tricks, typically involving utilities built into Windows and other software, to gain the victim's trust and get them to pay for the supposed "support" service, at which point the fraudster steals the victim's credit card account information, or to persuade the victim to log in to Internet banking (lying that a secure server is connected and that they cannot see the details) to receive a promised refund.

Operation

Technical support scams usually depend on social engineering. Scammers use various confidence tricks to get victims to install remote desktop software, through which they control the victim's computer, and then use various Windows components and utilities (such as Event Viewer), third-party utilities (such as rogue security software), and other tasks to make the victim believe that the computer has a problem that needs to be fixed, before getting the victim to pay for "support".

Initiation

Technical support scams can begin in different ways. A scam most often starts with a cold call, usually claiming to be associated with a legitimate-sounding third party, with names like "Microsoft" or "Windows Technical Support", or through advertisements on popular search engines like Bing or Google, cybersquatting and/or keyword spamming tied to commercial products and services that users may search for (such as "Microsoft live chat", "Facebook support", or "Outlook sign-in help"), leading to a web page that contains the number to be called. Some scams have started through pop-up ads on infected websites instructing potential victims to call a number. These pop-ups often resemble an error message such as the Blue Screen of Death.

Remote access

Scammers instruct victims to download and install remote access programs, such as TeamViewer, LogMeIn, GoToAssist or ConnectWise Control (also known as ScreenConnect), and to provide them with the details needed to remotely control the victim's computer using the program.

Deceptions

After gaining access, the scammer seeks to convince the victim that their computer is experiencing problems that need to be fixed. A number of common methods are used during many technical support scams, mostly involving misrepresenting the content and output of various Windows tools and system directories as evidence of malicious activity, such as viruses and other malware. Usually parents and vulnerable people are targeted for technical support scams, as are people who are not familiar with computers.

  • Scammers can direct users to Windows' Event Viewer, which displays logs of various events for use by system administrators and expert users in troubleshooting. Although many log entries are relatively harmless notices, scammers can deceptively claim that log entries labeled as warnings and errors are evidence of malware or of the computer becoming corrupted, and that the errors must be "fixed".
  • Scammers can display system folders that contain unusually named files, such as the Prefetch folder and the Windows Temp folder, and claim that the files are evidence of malware on the system. In addition, the scammer can open some of these files (especially files in the Prefetch folder) in Notepad, where the contents appear as "nonsense" characters. Scammers claim that malware has "corrupted" these files. In fact, most files in Prefetch are binary files (which cannot be displayed correctly in Notepad) that speed up certain operations.
  • Scammers can abuse the Command Prompt to generate suspicious-looking output, for example with the tree or dir /s commands, which list files and directories. Scammers can pass off these non-malicious programs as malware scanners, and manually type text that purports to be an error message (such as "security breach... trojan found") after the output has finished.
  • Scammers can misrepresent the values and keys stored in the Windows Registry as malicious, such as harmless keys whose values are listed as unassigned.
  • The "Send to" function in Windows is associated with a globally unique identifier (GUID). The output of the assoc command, which lists all file associations on the system, shows this association with the line ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}; this GUID is the same on all versions of Windows. Scammers can claim that this is a unique ID used to identify a user's computer, or claim that the "CLSID" listed is actually a "Computer Licensing Security ID" that needs to be updated.
  • Scammers can also claim that system "problems" are the result of "expired" warranties on the victim's hardware or software, for example Windows product keys, and persuade victims to pay for "updates".
  • Scammers can run the obscure Syskey utility and configure a startup password known only to them, thus locking victims out of their own systems after the computer has been rebooted.
  • Scammers can delete important Windows files and folders such as System32, leaving the computer unusable until the operating system has been reinstalled.
  • The scammer can run the netstat command in a terminal/command window, which shows foreign IP addresses for the victim's computer. He then tells the victim that these addresses belong to a hacker who has harassed the computer.

Objectives

This trick is intended to target victims who may not be familiar with the actual use of these tools, such as inexperienced users and senior citizens, especially when the scam is initiated by a cold call. The scammers then persuade victims to pay for services or software that they believe is designed to "fix" their computer, but which is actually malware that infects it or software that causes other damage. The fraudster in turn gains access to the victim's credit card information, which can be used to make additional fraudulent charges. Afterwards, the fraudster can also claim that the victim is entitled to a refund and ask for the user's bank account information, which is used to steal more money from the victim rather than to provide the promised refund.

In an investigation conducted by Symantec employee Orla Cox, it was revealed that after Cox paid a fee for a scammer to remove a malware infection that did not exist, the scammers simply deleted the logs in Event Viewer and disabled the Windows event logging feature. This only means that errors would no longer show up in Event Viewer; that is, had there been real malware on Cox's computer, it would have remained intact.
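A triage check for the log tampering described above and for the remote access programs named under "Remote access", as an added example that is not part of the original article. The function name Get-SupportScamTriage and the Suspicious flag are assumptions made here; the flag only marks a machine for closer review.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
function Get-SupportScamTriage {
    # 1. Event Log service: the default is StartMode 'Auto', State 'Running'.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='EventLog'"

    # 2. Main channels that were switched off or emptied.
    $channels = Get-WinEvent -ListLog Application, Security, System -ErrorAction SilentlyContinue |
        Select-Object LogName, IsEnabled, RecordCount

    # 3. Log-clear records: ID 1102 is written to Security when that log is
    #    cleared, and ID 104 to System when another log is cleared.
    $cleared = @(
        @{ LogName = 'Security'; Id = 1102 },
        @{ LogName = 'System';   Id = 104 }
    ) | ForEach-Object {
        Get-WinEvent -FilterHashtable $_ -ErrorAction SilentlyContinue
    } | Select-Object TimeCreated, LogName, Id, Message

    # 4. Installed remote access programs of the kind named in the article.
    $names = 'TeamViewer', 'LogMeIn', 'GoToAssist', 'ScreenConnect', 'ConnectWise'
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $tools = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $d = $_.DisplayName; $d -and ($names | Where-Object { $d -like "*$_*" }) } |
        Select-Object DisplayName, Publisher, InstallDate

    [pscustomobject]@{
        EventLogStartMode = $svc.StartMode
        EventLogState     = $svc.State
        Channels          = $channels
        LogClearEvents    = @($cleared)
        RemoteAccessTools = @($tools)
        # True when logging is off, a channel is disabled, or a log was cleared.
        Suspicious        = ($svc.StartMode -ne 'Auto') -or ($svc.State -ne 'Running') -or
                            [bool]($channels | Where-Object { -not $_.IsEnabled }) -or
                            [bool]$cleared
    }
}

Get-SupportScamTriage | Format-List
```

A log-clear record can also come from legitimate administration, so compare its TimeCreated with the time of the remote session before drawing conclusions.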

Unethical and fake "support" companies

Most complaints and discussions about companies that cold-call and offer "technical support" report them as not only incompetent or ineffective but actively dishonest, painstakingly trying to convince the victim of a nonexistent problem by trickery and, when possible, damaging the computer they gain access to. Computer support companies advertise on search engines like Google and Bing, but some are heavily criticized, sometimes for practices similar to those of cold callers. One example is the India-based company iYogi, which InfoWorld has reported to use scare tactics and install unwanted software. In December 2015, the state of Washington sued iYogi's US operations for deceiving consumers and making false claims to frighten users into buying its diagnostic software. iYogi, which was asked to respond formally at the end of March 2016, said before its response that the lawsuit was unfounded. In September 2011, Microsoft dropped Comantra, a Gold Partner, from its Microsoft Partner Network because of allegations of involvement in cold-call technical support fraud.

In December 2014, Microsoft filed a lawsuit against a California-based company that operated such scams for "misusing Microsoft's name and trademark" and "creating security problems for victims by gaining access to their computers and installing malicious software, including password grabbers that can provide access to personal and financial information." In an effort to protect consumers, Microsoft's advertising network, Bing Ads (which sells ads on the Bing and Yahoo! search engines), changed its terms of service in May 2016 to prohibit advertising of third-party technical support services or ads claiming to "provide services that only the actual owner of the advertised product or service can provide".

In November 2017, a fraudulent company called Myphones Support tried to obtain user data on scam baiters through the courts by contacting the services the scam baiters used to disrupt their scamming business. This case is currently pending in court.

See also

  • Cybercrime in India
  • List of confidence tricks
  • Telemarketing scams
  • Virus hoax


External links

  • Official Microsoft support page about technical support fraud
  • Official Symantec support page about technical support fraud
  • Sample fraud with narration and screen recording on YouTube
  • Investigation by recording by security research group
  • Dial One for Scam: Large Scale Analysis of Technical Support Scams

Source of the article : Wikipedia
