Category Archives: support scams

Tech Support Scammers Target BT Customers

Well, this isn’t the first time. But a report by Kat Hall for The Register suggests that some of the scammers may have more information about potential victims than they should. Which makes me wonder whether there’s a leak similar to that affecting TalkTalk customers. I’ve certainly been contacted in the past by BT sales people who were clearly not based in the UK.

I don’t know whether there’s been such a leak at BT, of course. However, it’s not unknown for people working in legitimate support to be also implicated in some way in support scamming, whether by leaking data or by working in a call centre that encourages scam calling as well as offering legit support for legit organizations. And it’s hard to police that kind of activity.

That article by Kat Hall: Indian call centre scammers are targeting BT customers – In some cases fraudsters knew their mark’s personal details

David Harley

Tech support scams – FTC offers money back…

…well, there’s no foolproof way of doing that (getting your money back, that is), unfortunately. But Shaun Nichols reports for The Register that FTC ready to give back tech support scamming money to the bilked.

“Those who have been identified as eligible by the FTC will get an email from the commission with a PIN number that can be used to obtain the claim forms. In order to claim a share of the payout, consumers will have to fill out a claim before October 27.”

The article does, very sensibly, point out the risk that scammers will use the FTC’s initiative as a springboard for further scams. Unfortunately, I can’t predict exactly what form such scams will take, but I’d be surprised if they don’t happen…

The Federal Trade Commission’s own press release is here: FTC Announces Refund Process for Victims of Deceptive Tech Support Operation.

It states:

Eligible consumers bought tech support products and services between April 2012 and November 2014 from Advanced Tech Support, which also used the name Inbound Call Experts. Consumers will have until October 27, 2017 to submit a request for a refund.

David Harley

Talk Talk fined for support scam issue

The Register: TalkTalk fined £100k for exposing personal sensitive info – 21,000 accounts handled by Indian outsourcing biz exposed

‘…TalkTalk found an issue with the UK ISP’s portal … One of the companies with access to the portal was Wipro, a multinational IT services company in India that resolved high level complaints and addressed network coverage problems on TalkTalk’s behalf … three Wipro accounts … had been used to gain unauthorised and unlawful access to the personal data of up to 21,000 customers.’

See also TalkTalk confesses: Scammers have data about our engineers’ visits to your home Info exploited, say customers

Added to tech support resources page, of course.

David Harley

Tech Support Scams and Google

And still it goes on…

Tech support scammers poisoning Google search results is hardly new – see My PC has 32,539 errors: how telephone support scams really work – but there’s an interesting example flagged by Malwarebytes in the article Ads in Google Search Results Redirect Users to Tech Support Scam by Catalin Cimpanu. Also some useful commentary by Lisa Vaas for Sophos: Google ads for tech support scams – would you spot one?

David Harley

Spanish Harmada: support scams sail again

Here’s another article by Josep Albors and myself for ESET: Spanish Harmada: more on tech support scams. Excerpt:

‘After our recent joint blog Support scams now reign in Spain, Josep Albors was contacted by a Spanish online newspaper asking for further information and general commentary. So here, first, is my general commentary on the evolution of the tech support scam and why the current high incidence of reports in Spain (and, to a lesser extent, other parts of the world) is so significant. The subsequent article in El Confidencial can be found here (in Spanish).’

David Harley

Should TalkTalk block TeamViewer?

It’s hardly a secret that TalkTalk has had problems with tech support scams. Or at any rate its customers have, leading to suspicions that some of the scammers “… know more about their intended victims (and their issues with TalkTalk) than they should.” I don’t suppose for a moment that TalkTalk is actively cooperating with known scammers, of course, but it was widely reported last year that three call-centre workers at Wipro, to which TalkTalk outsourced some support services in 2011, had been arrested on suspicion of – according to the BBC – selling TalkTalk customer data.

The BBC’s recent report also asserts that TalkTalk customers are targeted by “an industrial-scale fraud network in India”. Commentary from Sophos hints that the issue is ‘related not to TalkTalk but to one of its subcontractors’.

TalkTalk has set up a site in cooperation with Get Safe Online called Beat The Scammers, which it describes as “an education and awareness campaign … designed to help you protect yourself from the growing threat of scams”. The site does seem to offer some reasonable advice and offer a certain amount of insight into how these particular scammers appear to be operating, though it seems focused on old-school cold-calling rather than on pop-ups directing victims to ‘helplines’. Still, most of the old tricks are still used by ‘next-generation’ scammers.  And in fact, I quite like the idea of ‘The Nevers’, a short list of things that a TalkTalk representative ‘will never do’. For instance:

  • Ask for a customer’s full password (apparently they may ask for two digits)
  • Ask for bank details to process a refund (details the company should already have)
  • Ask the customer to send money through services like MoneyGram or Western Union (two services very commonly used by scammers)

However, the company has also upset some of its customers, according to Kat Hall (writing for The Register), by blocking TeamViewer, a remote access/desktop management tool – TalkTalk blocks TeamViewer – Wants to protect customers from phishing and scamming.

It’s perfectly true that TeamViewer, like AMMYY and several similar tools/sites, is widely used by support scammers. But it’s a legitimate service also widely used for entirely legitimate desktop management purposes. A blanket ban on its use is rather like an anti-malware application deciding to make it impossible for a customer to run ‘Possibly Unwanted’ or ‘Possibly Unsafe’ applications. We don’t do that – well, most of us don’t – because although it might make some customers safer, some people would be seriously inconvenienced by it. Apart from the fact that those people would have to take their business elsewhere, it hardly seems appropriate for a security company to deny its customers access  to legitimate services. There is a classic tripod model of security, said to consist of Confidentiality, Integrity, and Availability. Take away availability, and what you have is no longer security.

David Harley

Technet: Elementary, my dear scammer

An article for Microsoft’s Technet describes a somewhat innovative tech support scam. It uses a script associated with the JS/Techbrolo family, known for its habit of generating fake alerts involving dialogue loops and audio messages. So far so average. But in this case, the pop-up isn’t a dialogue loop, but a website element of the scam page. If the victim clicks anywhere on the ‘dialogue box’ or anywhere else on the page, he or she is presented with what looks like a full-screen browser page open at something looking very much like a Microsoft support URL: however, it’s actually just another website element.

Microsoft: Breaking down a notably sophisticated tech support scam M.O.

HT to David Bisson, whose Tripwire blog drew this to my attention: Tech Support Scam Uses Website Elements to Spoof Microsoft Support Page

Tech Support Scams in Spain

My colleague Josep Albors came to a surprising conclusion in his Spanish language blog article Fake technical support is the most detected threat in Spain during January. I was so taken with the article that I generated a somewhat free translation with copious extra commentary for WeLiveSecurity: Support scams now reign in Spain.

David Harley