Raise your hand if this sounds familiar: Your grandmother, father or some other senior individual in your life calls you claiming there’s something wrong with their computer — someone has told them it’s infected with a virus. You are thankful they have alerted you because after you spend a few minutes (maybe even a few hours) investigating, you realize that they have been targeted by a tech support scam and there is nothing wrong with their computer. You just saved them a couple hundred dollars and a whole lot of hassle. Crisis averted…or is it?
Unfortunately, the familiar situation described above just scratches the surface of how these scams operate. It’s no longer just your computer-challenged friends and grandmother being targeted. It’s everyone. The businesses operating these scams have become so advanced that even the most tech savvy among us are susceptible to being trapped. In fact, a recent study showed millennials fell for tech support scams more often than older generations. More than a third of scam targets between the ages of 18 and 24, and 43% of those ages 25 to 34, fell victim to scammers. How? How can millennials who grew up in the digital age be so susceptible to the tricks of these tech support criminals?
Unfortunately, the answer is rooted in the fact that the criminals operating these scams have gotten really, really good at their jobs. Tech support scammers originally used cold calls, but they have evolved their approach greatly in recent years. Their use of digital tactics started in 2013 when tech support criminals began launching pop-up ads telling computer users their machines had been hacked, prompting them to call a phone number to obtain tech support. Of course, the phone number would connect the user with a person impersonating tech support, and the fake tech support staffer would infect the computer with malware in order to then get paid a hefty sum.
Since then, fake tech support companies have aggressively improved their digital tactics by studying and copying the techniques of cybercriminals. They are using some of the newest tricks in the book, and it’s working like a charm. Microsoft estimates that tech support scam artists billed 3.3 million Americans out of $1.5 billion in 2015. Targeting elderly, less tech-savvy individuals is still in their playbook, but anyone and everyone has now become a target for these scam artists. For example, tech support scammers are now using ISP targeting. Here’s what happens: You’re browsing the internet when a pop-up ad suddenly appears. It displays the logo of your internet service provider, and the message tells you your ISP has detected malware. At the bottom of the ad, there’s a number to call for immediate assistance. The ad has actually been placed by criminals, and when you call the number, they’ll try to convince you to give them your banking details.
Most recently, tech support scammers have taken things a step further with scam lockers. This attack will actually lock your computer, seemingly taking a cue from ransomware. Pop-up advertisements will push you to download software that locks you out of your computer, and you are then forced to pay the scammers to get back control over your PC.
It is no question that these entities need to be stopped. These deceptive tactics are becoming harder to detect and prevent, and the number of potential victims is growing rapidly. The issue is uniquely difficult for tech companies in our community in Silicon Valley, whose solutions and services have actually been impersonated and leveraged by these scammers to steal from innocent victims. But unfortunately, we have learned over time that it is going to be an uphill battle to bring a halt to tech support scams.
In the past several years, the Federal Trade Commission has brought several cases against scammers. The problem is that the FTC doesn’t have the authority to penalize these deceptive companies itself; it relies on the courts to find criminals guilty. These fraudsters have built an entire industry upon these scams. There’s a chance that employees at tech support scam operations have little to no idea of the true nature of what they are being asked to do. They do not know that they are helping scam internet users out of hundreds of dollars. They simply need a job and end up doing what they are told.
Even more of a hurdle is the expensive defense lawyers that tech support scam companies are able to hire. These lawyers are incredibly skilled at what they do, and the judges appointed to these cases are often not tech savvy enough to fully understand the ramifications of the actions of tech support scammers. This makes for a case that is incredibly difficult for the FTC to win, and many of these scammers walk away being able to continue operations.
Source: SANS ISC SecNewsFeed @ May 2, 2017 at 07:39AM