My PC has 32,539 errors: how telephone support scams really work

David Harley ESET
Martijn Grooten Virus Bulletin
Steven Burn Malwarebytes
Craig Johnston Independent researcher

  download slides (PDF)

Fake security products, pushed by variations on Black Hat SEO and social media spam, constitute a highly adaptive, longstanding and well-documented area of cybercriminal activity. By comparison, lo-tech Windows support scams receive far less attention from the security industry, probably because they're seen as primarily social engineering not really susceptible to a technical 'anti-scammer' solution. Yet, they've been a consistent source of fraudulent income for some time, and have quietly increased in sophistication.

In this paper, we consider:

• The evolution of the FUD and Blunder approach to cold-calling support scams, from 'Microsoft told us you have a virus' to more technically sophisticated hooks such as deliberate misinterpretation of output from system utilities such as Event Viewer and Assoc.
• The developing PR-oriented infrastructure behind the phone calls: the deceptive company websites, the flaky Facebook pages, the scraped informational content and fake testimonials.
• Meetings with remarkable scammers: scammer and scam-victim demographics, and scammer techniques, tools and psychology, as gleaned from conversational exchanges and a step-through remote cleaning and optimization session.
• The points of contact between the support scam industry, other telephone scams, and mainstream malware and security fakery.
• A peek into the crystal ball: where the scammers might go next, some legal implications, and some thoughts on making their lives more difficult.

David Harley @dharleyatESET
	Martijn Grooten @martijn_grooten