It so happens that I live over 5,000 miles from the
ESET North America office in San Diego, and so tend not to have water
cooler conversations with the people located there. Of course,
researchers working for and with ESET around the world maintain contact
through the wonders of electronic messaging, but there are lots of other
highly capable people working at ESET that I don’t have much to do
with. Like the support team at ESET North America who, like the other
ESET support teams, dedicate their working days to sorting out malware
problems for the company’s customers, but whom I rarely get to talk to,
even on my occasional visits to California.
Strangely enough, although I’ve written an awful lot of blogs (and not a
few papers and presentations) about support scams, I spend a lot less
time tracking them than you might expect. Not only because I’m
thoroughly bored with having the scammers themselves ring me to tell me
that there is a non-existent problem with my PC that they can fix for me
for a few hundred pounds (dollars, yen, zlotys…), but because I don’t
have that direct contact with their victims. But it turns out
that while ESET support teams are mostly focused on real malware
problems, they also get to talk to customers who believe that they’ve
been getting support from ESET or its partners, but turn out to have
been tricked by scammers.
An old friend now working with the support team at ESET recently
mentioned a support call he received from a customer who believed he’d
received a call from an ESET 3rd-party tech support rep who
told him that his system had been corrupted and that it could be fixed
for a not-so-small fee. Sound familiar? Of course it does, though
hopefully it’s not a sales technique you expect from the real ESET. Yet
this is almost where I came in, back in 2010 when I first came across
support scams. On that occasion
the report mentioned a scammer “claiming to be from Microsoft, and
informing him that notification had been received concerning a virus
infection on his PC, and offering to help him to install antivirus
software. When asked what antivirus software was being offered, the
caller claimed that it was ESET’s.” (On that occasion, we think the
scammer was installing a cracked version of ESET’s software.)
There is something different here, though: while it’s common
for scammers to claim to be representing (or being affiliated with)
Microsoft, as well as slightly less obvious companies such as Dell, or
Cisco, or even BT, it seems they may now be claiming to represent ‘your’
anti-malware vendor.
In real life, of course, the scammer is no more able to tell what
security software you use than he is to determine anything else
about your system. His aim is to convince you that he knows more than he
really does – for instance, by convincing you that a standard CLSID
identifier which is exactly the same for countless Windows PCs is
really a unique identifier for your system – so that you’ll give him
access to your system and your credit card. However, since these scams
are generally only successful with people who haven’t been reading my
blogs or become aware that such scams exist, it may be that saying something
fluffy like “I’m calling on behalf of your AV vendor” is enough to
convince them. ESET’s support team believe that this approach may be
expanded to a dialogue something like this:
Scammer: Hello, we are calling you
because we see your computer has a lot of infections and is approaching
a system crash. If you let me remote in I can assist with removing the
infections to save your computer for only $300.00
User: Well that’s odd, I typically use <Insert Antivirus Name Here> and their support for issues like this.
Scammer: We are 3rd party support for <Insert Antivirus Name Here>, so we can support you.
User: “Oh that’s great!” or “Let me call <Insert Antivirus Name Here> first.”
Well, that’s a mild example of the sort of social engineering we
associate with fake psychics or the Mentalist, where seemingly
miraculous insights are actually developed from cues
from the victim’s body language or a throwaway remark. In the present
instance, the victim may not even realize that he was the first to
mention the vendor’s name.
However, being cold-called by a scammer probably isn’t the only way
in which people fall into the support scam trap. Martijn Grooten, Steve
Burn and I wrote on this blog some time ago about a company with a very
suspicious Facebook page, stuffed with
testimonials with curious similarities in tone, phrasing and even
misspelling, and apparently used to bolster a cold-calling campaign.
(That FB page is still there, but almost all of its content has been
removed.) We wrote at the time:
This line of investigation set us off
looking at other support sites still under investigation where the
content may be more original, but the quality of the advice leads to the
suspicion that the idea is less to provide a proven step-through
process than to create difficulties that will persuade the victim to
follow the copious links to “computer technical support providers” or
“Dell technical support” or “Linksys support”, all of which lead to the
same support site.
…What is clear is that there are a lot of companies and sites out there offering support, and even if they aren’t
the same people making scam cold-calls – which in some cases seems
pretty unlikely – they are basing their appeal to visitors to their web
sites on bona fides that are pretty difficult to verify…
Unfortunately, it also seems likely that
we’re increasingly going to find Facebook pages and blog pages with
scraped or even frankly deceptive content similarly used to add
credibility to web sites whose authenticity doesn’t stand up to
scrutiny.
In my discussions with the ESET support team and Aryeh Goretsky, it’s
become clear that the situation has indeed deteriorated. Using Google
and other search engines with search terms like ‘ESET support’, the
team found tens of thousands of search hits and sponsored ads of one
sort or another. Not all of these are malicious, or fake ESET sites, of
course: some actually are ESET resources and some that aren’t may
actually offer good advice, albeit at a price. Some undoubtedly are
suspicious at best.
I’m not sure, though, why customers wouldn’t seek advice from the
support resources provided by the vendor whose product they’ve bought
rather than risk the random links (of very variable reliability)
that a search engine is likely to bring up, even if it means not getting
an instant response because your query arises out of hours. (And, of
course, seeing what other avenues there are for contacting ESET
support.) It’s fair to say, though, that it’s easier to get support for
some products than for others. A few years ago, when I contributed
answers to a site that encouraged security-related questions from the
public, one of the most common groups of questions related to getting
support for an anti-virus product distributed through a well-known chain
of supermarkets, for which contact details were very hard to find.
However, most mainstream AV products will have a [Contact] link on their
homepage.
Here’s how to contact ESET if you’re a customer with malware-related problems:
- If you’ve received specific information about support from your
local distributor when you bought the product, that’s the first place to
look.
- Go to http://www.eset.com and check out the resources on the Support
tab. This tab will offer a
number of options, including a search facility, access to the ESET
Knowledgebase, a form that enables you to contact Customer Care to
submit a specific case, and a link to contact pages for ESET’s offices
around the world.
- You can also get there via the help and support facility in the product itself.
Aryeh points out that you can always receive support from your local
ESET distributor or office, use the support form to contact support
directly, or post a message on the ESET Security Forum (to which ESET
staff contribute as well as other users of ESET’s products). If you are
in North America, you can also call the North America office toll-free
at +1 (866) 343-3738 for assistance, or contact a US reseller.
Perhaps I should make it clear that different vendors handle support
in many different ways: for example, support packages for enterprises
may be very different to consumer packages, and there may be ‘premium
rate’ packages that offer an enhanced service for consumers.
At the other end of the scale, vendors who have a product version
that is completely free for non-commercial use (as opposed to a
time-restricted trial version) generally don’t offer one-to-one support
for the free version, though they may well have a forum for discussion
with other users of the product, which may also be monitored by company
employees. Free versions represent a problem for companies that offer
them because there is no direct income to underwrite customer support
for those products, and support services are expensive to provide.
One company did, for a while, offer support for its free product
through a support centre in India that was able to underwrite its own
costs by offering value-added for-fee services. The arrangement fell
apart when the call-centre was believed to be expanding its operations far
beyond that brief, in ways that were indistinguishable from the gambits
used by support scammers, and quite rightly, the security company pulled
the plug.