Dial One for Scam: A Large-Scale Analysis of Technical Support Scams is an academic paper, but interesting*. While it doesn’t tell seasoned scam watchers much we weren’t already aware of, it does take a systematic look at how the scheme is implemented, and hopefully that will be useful to someone in a better position to pursue more fundamental approaches than the occasional analyses from the anti-malware industry that this paper dismisses as ‘ad hoc’.
Sid Kirchheimer’s article from April 2017 for AARP – From Pop-Up Warnings to $9 Million Payout: Inside the Tech Support Scam – includes an easily-digestible summary of some of the main points of the paper.
Hat tip to Mich Kabay for bringing the article to my attention, and to Fat Security for flagging the paper for me some time ago.
*However, it’s irritating to see in section VII a paper of which I was co-author apparently credited to Malwarebytes. Reference  is to this paper for a Virus Bulletin conference – My PC has 32,539 Errors: how Telephone Support Scams really Work – and I appreciate having our work referenced.
Nevertheless, although Steve Burn, one of the authors, was indeed working for Malwarebytes, I was working for ESET, Martijn Grooten was working for Virus Bulletin, and Craig Johnston was an independent researcher. It is, of course, perfectly true that Malwarebytes researchers have done much useful research in this are.
On this site, I tend to focus on tech support scams in the context of telephone scams. However, here’s an interesting article by Bill Brenner for Sophos that focuses on other types of telephone scam:
- IRS tax scams
- Immigration scams
- Payday loan scams
- Government grant scams
The callers seem to be based in India and tend to impersonate government officials, and either threaten victims with tax-related fines and penalties or deportation, or promise services such as grants or loans (on payment of a ‘worthiness’ fee. Here’s the article:
(MacSpy isn’t ransomware, but seems to have been developed by the same author, and both are offered as as-a-service malware.)
Zeljka Zorz for HelpNet Security: Two Mac malware-as-a-Service offerings uncovered. According to HelpNet ‘Patric Wardle’s RansomWhere? tool can also stop MacRansomware from doing any damage.’
Rommel Joven and Wayne Chin Yick Low, for Fortinet: MacRansom: Offered as Ransomware as a Service
Fortinet notes that “Nevertheless, we are still skeptical of the author’s claim to be able to decrypt the hijacked files, even assuming that the victims sent the author an unknown random file…”
AlienVault: MacSpy: OS X RAT as a Service
And still it goes on…
Tech support scammers poisoning Google search results is hardly new – see My PC has 32,539 errors: how telephone support scams really work – but there’s an interesting example flagged by Malwarebytes in the article Ads in Google Search Results Redirect Users to Tech Support Scam by Catalin Cimpanu. Also some useful commentary by Lisa Vaas for Sophos: Google ads for tech support scams – would you spot one?
A couple of items of general interest regarding ransomware:
I’ve commented a couple of times recently on the question of Ransomware: To pay or not to pay? and The economics of ransomware recovery.