The fake “tech support” call is one of the most enduring cyber-scams out there – a phone call purportedly from a Windows engineer or an independent expert, offering help with a problem they detected on your machine. The scam, however, ends with the “engineer” defrauding victims of money.
This week, UK IT worker and social engineering blogger Dale Pearson was targeted – with eight phone calls from a company claiming there was a fault on his PC, and offering to fix it.
Residents in the area had recently been targeted, with scammers
demanding £200 ($330) to fix a non-existent problem on their PC.
Pearson, though, had the tools, and time, to fight back, using a virtual machine, and a fake IP address, to watch what the scammers did as they “worked”, according to local paper the Evesham Journal.
Despite crackdowns on the firms which perpetrate this fraud, it remains common – and ESET Senior Research Fellow David Harley has chronicled many variations of the scam on We Live Security. He also offers a useful guide to spotting such scams here.
Pearson says, “I had heard of people getting done by these sort of scams, but I had never had the privilege myself. So I thought I would keep them on the phone for a while to run up a bit of a bill for them, and at the same time get my VPN and Virtual Machine up and running to see exactly how these guys operate.”
“There were three of them,” Pearson told Yahoo News.
“The first guy, I call the Convincer. He tries to hook you in, make you
believe there’s a problem. The second guy who came on the line, I could
hear he was more experienced at ‘social engineering’ – convincing you
it was all legit. Then there’s a third guy you never see, the hacker who
goes into your PC. Most people think they’re just after your credit
card details – but there’s three parts to the scam. When they ‘fix’ the
problem, they get full access to the machine – and that stays there, for
them to use later.”
“They actually asked me, during the call, whether I did online
banking, whether I shopped online,” he said. “Even if I had not handed
over my card number, they could have installed a keylogger.”
Pearson’s video – complete with audio – is shown off on his blog, Subliminal Hacking. It offers a unique insight into one variation of an attack that has remained an enduring threat to computer users.
Pearson played along with the scam for half an hour, asking for
repeated callbacks – and posting the numbers on his blog, and in his
local newspaper, while using a VPN and Virtual Machine to watch, safely,
what they did. First, the “technician” said Pearson should visit their
site (titled PC Wizards), and then said that he should run software to
allow remote access.
“So one guy is doing the quick talking, whilst the other is uploading backdoors to my VM, opening command windows and listing directory structures and then telling me my ‘Software Warranty Has Expired’ and this is the reason I have all these errors and my computer runs slow.”
“I am in luck, for £119 and my credit card details they can renew this warranty for me, then my computer will be better than new. These really are nice folks. Oh the other point they like to make, my computer will be all kinds of awesome as long as I don’t format it – they don’t have persistence after formatting.”
Pearson said he finally “got bored” and politely thanked them “for hacking my machine,” at which point, he says, the technicians were irate. “How dare I claim they are hacking my machine, they are trying to help me. Then they tell me that next time I turn on my computer I am going to be in trouble, and it won’t work properly.”
“Perhaps it’s a mysterious virus, corrupted files or disk partitions, or attacks by a remote hacker that the caller will be pleased to fix for you, for a ‘small’ fee,” Harley wrote in a blog post this year. He says that new versions of the scam include threats – with callers claiming that the government has detected scam emails from an IP address.