Technical Support Scam

from Wikipedia, the free encyclopedia

A technical support scam (also tech support fraud) is a type of telephone fraud in which the scammer pretends to work for a company in the computer services sector. The targets of the calls are mostly users of Microsoft Windows (or, more rarely, macOS), to whom the fraudster often states that he works either for Microsoft or for a service company acting on its behalf.

Contact is made in one of two ways: either the fraudster places an unsolicited, unexpected telephone call (with the telephone number disguised by caller ID spoofing), or the victim is induced to call the fraudster on a usually toll-free telephone number (e.g. by an intimidating pop-up displayed in the web browser).

The criminal usually tries to gain remote access to the victim's computer, which often gives him access to sensitive data of the victim such as bank details, insurance information, address and personal documents. The fraudster then tries to trick the victim into paying for the supposed repair of nonexistent problems or for security software that is supposedly required.

Remote access

Remote access is usually obtained with legitimate remote maintenance software such as TeamViewer, LogMeIn, AnyDesk, GoToAssist, etc.

Tricks

Once the victim has been deceived and the system has been accessed remotely, the fraudsters often use tricks that appear to prove to the victim that there are problems in need of repair.

  • The fraudster could open Event Viewer, a program installed by default on Windows, in front of the victim. It shows a list of various events that are actually intended for system administrators. Many of the entries shown there are usually harmless, but the words "Warning" and "Error" in particular, the typically large number of entries, and the scammer's persuasiveness may lead victims to believe that the problem is serious.
  • The scammer could use Cmd.exe tools such as tree or dir /s. Both simply list large numbers of files or folders, but it may appear to the victim that they are being used to search the computer for problems. While the listing scrolls past, the fraudster can type in his own text, which is then displayed to the victim once the command has finished. This text could claim, for example, that a virus or malware has been found or that licenses have expired and must be renewed for a fee.
  • The program syskey could be misused by the fraudster to lock the victim's computer with a password that must be entered when the computer starts up. Without the password, the victim no longer has access to their own computer. syskey was removed from new versions of Windows 10 by Microsoft.
  • The command netstat could be used to list local and foreign IP addresses. The fraudster would then convince the victim that these addresses belong to hackers who have allegedly gained access to the victim's computer.
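Seen from the defender's side, the tricks above leave a recognizable trail: a remote maintenance tool starts, and shortly afterwards several of the "proof" utilities run on the same machine. The following detection sketch is an added example, not part of the original article; the pipe-separated log format, the process-name fragments, the 30-minute window and the host names are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Remote maintenance tools named in the article (process-name fragments are assumptions).
REMOTE_TOOLS = ("teamviewer", "logmein", "anydesk", "gotoassist")
# "Proof" utilities from the list above, matched on the command line.
SHOW_TOOLS = {
    "event viewer": re.compile(r"\beventvwr\b", re.I),
    "tree": re.compile(r"\btree\b", re.I),
    "dir /s": re.compile(r"\bdir\s+/s\b", re.I),
    "syskey": re.compile(r"\bsyskey\b", re.I),
    "netstat": re.compile(r"\bnetstat\b", re.I),
}
WINDOW = timedelta(minutes=30)  # assumed correlation window after the remote tool starts

# Constructed sample in a hypothetical format: ISO time|host|process image|command line
SAMPLE_LOG = r"""
2019-02-26T10:00:05|PC-ALICE|C:\Program Files\AnyDesk\AnyDesk.exe|AnyDesk.exe
2019-02-26T10:03:10|PC-ALICE|C:\Windows\System32\mmc.exe|mmc.exe eventvwr.msc
2019-02-26T10:05:42|PC-ALICE|C:\Windows\System32\cmd.exe|cmd.exe /c dir /s
2019-02-26T10:09:30|PC-ALICE|C:\Windows\System32\NETSTAT.EXE|netstat -an
2019-02-26T11:00:00|PC-BOB|C:\Windows\System32\NETSTAT.EXE|netstat -an
2019-02-26T12:00:00|PC-CAROL|C:\Program Files\TeamViewer\TeamViewer.exe|TeamViewer.exe
2019-02-26T12:10:00|PC-CAROL|C:\Windows\System32\cmd.exe|cmd.exe /c tree
"""

def parse(line):
    ts, host, image, cmd = line.split("|", 3)
    return datetime.fromisoformat(ts), host, image.lower(), cmd

def find_scam_sessions(log_text, min_hits=2):
    """Hosts where >= min_hits distinct show tools ran within WINDOW of a remote-tool start."""
    session_start, hits = {}, {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, host, image, cmd = parse(line)
        if any(tool in image for tool in REMOTE_TOOLS):
            session_start[host] = ts  # newest remote session wins
            continue
        start = session_start.get(host)
        if start is None or ts - start > WINDOW:
            continue  # the utility ran outside any remote session: ordinary admin use
        for name, rx in SHOW_TOOLS.items():
            if rx.search(cmd):
                hits.setdefault(host, set()).add(name)
    return {h: sorted(s) for h, s in hits.items() if len(s) >= min_hits}

if __name__ == "__main__":
    print(find_scam_sessions(SAMPLE_LOG))
```

Requiring at least two distinct utilities keeps a single tree or netstat run during a genuine support session from raising an alert.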
