The Mechanisms of Support Scamming

Dial One for Scam: A Large-Scale Analysis of Technical Support Scams is an academic paper, but interesting*. While it doesn’t tell seasoned scam watchers much we weren’t already aware of, it does take a systematic look at how the scheme is implemented, and hopefully that will be useful to someone in a better position to pursue more fundamental approaches than the occasional analyses from the anti-malware industry that this paper dismisses as ‘ad hoc’.

Sid Kirchheimer’s article from April 2017 for AARP – From Pop-Up Warnings to $9 Million Payout: Inside the Tech Support Scam – includes an easily-digestible summary of some of the main points of the paper.

Hat tip to Mich Kabay for bringing the article to my attention, and to Fat Security for flagging the paper for me some time ago.

David Harley

*However, it’s irritating to see in section VII a paper of which I was co-author apparently credited to Malwarebytes. Reference [5] is to this paper for a Virus Bulletin conference – My PC has 32,539 Errors: how Telephone Support Scams really Work – and I appreciate having our work referenced.

Nevertheless, although Steve Burn, one of the authors, was indeed working for Malwarebytes, I was working for ESET, Martijn Grooten was working for Virus Bulletin, and Craig Johnston was an independent researcher. It is, of course, perfectly true that Malwarebytes researchers have done much useful research in this are.

Leave a Reply