Feeds

Even 'Your computer has a virus' cold-call gits are migrating off XP

Malware telescammers now target slab-fondlers+mobe-strokers

Combat fraud and increase customer satisfaction

Tech support scammers have begun targeting smartphone and tablet users with offers to fix non-existent problems – for exorbitant fees.

Cold call scams that attempt to hoodwink marks into paying for useless remote diagnostic and cleanup services have been a popular scam for years. Victims are often encouraged to sign up to multi-year support contracts costing hundreds of dollars for unnecessary and worthless services.

Enforcement action by groups such as the US Federal Trade Commission have only served to slow down the rate of growth of such scams, which are beginning to diversify.

Anti-virus firm Malwarebytes documented a case where a company called Speak Support was offering similar "services" to Mac fans back in October.

Jérôme Segura, senior security researcher at Malwarebytes, has followed up that research by uncovering a tech support scam (also known as the infamous fake Microsoft/Windows support technician call) targeting Android tablet and smartphone users.

Old dogs, old tricks, new platform

As before, the short con relies on social engineering techniques to create the perception of severe (in reality, imaginary) problems in urgent need of fixing. Victims are roped in using either cold calling or online advertising.

One example of mobile tech support scams identified by Segura is being promoted using Bing search results for Android support. The top two results for the search query “android slow tech support” from an Android tablet featured paid ads for an online tech support page promoting an 1-800 number.

The "support technicians" who answered the phone when Segura called one of these numbers informed him they weren't able to directly connect to his smartphone, instructing him to plug it into his computer before asking him to download remote login software (specifically LogMeIn).

At this point a genuine technician might be expected to run some sort of a scan or diagnostic on a connected phone. What actually happened was that after browsing the phone’s internal storage and checking its properties they asserted that there was some sort of infection on the device, and that pop-up permission screens for Adobe Flash or similar were evidence of this.

The technician went on to claim that a file – rundll32.exe, a standard Windows executable – was installed on the Android device as well as the PC and is a "very bad file". The scammer then proceeded with an attempt to hoodwink Segura by using a Windows feature designed to allow users to restore files from trash in an attempt to falsely portray his system as riddled with malware.

"Windows prefetch files are often used by scammers to make up non-existing threats," Segura explained. "In this case the technician removed all the ‘infected files’ and simulated a ‘re-infection’ by quickly restoring them from the Recycle Bin (Ctrl+Z trick)."

The ripoff phase

Many people who aren’t too tech-savvy are likely to take the whole performance at face value before ultimately "paying several hundred dollars for dubious services from rogue technical support companies," Segura concludes.

In the example caught by Segura, the dodgy support organisation ultimately tried to land him with a $299 bill for one year of so-called support. And the problem doesn't even stop at the rip off fee. "Keep in mind that those miscreants have direct access to your computer and data – with all the risks that this entails," Segura warns.

Segura recorded a video of the Android support scan in progress which can be found below.

Video of the security scan in progress

Fraudsters behind the same are showing a willingness to speculate in order to accumulate.

"While paying for ads requires a certain budget, ads have the advantage of funnelling higher quality prospects because people are actually already experiencing an issue," Segura explains on a blog post by Malwarebytes explaining how tech support scams have gone mobile. "In contrast, cold-calling is a very wasteful approach (low ratio of interested people for the number of outgoing calls) and not to mention that in many countries cold-calling is completely illegal."

Good luck killing the Hydra

Ridding the web of such scams is likely to prove akin to playing a game of Whack-A-Mole. The dodgy firms behind the ruse have prepared themselves to remain in operation even if the main outlets get suspended as a result of complaints.

"Very often, the same company will register different domain names with different phone numbers while in reality they all belong to the same group," Segura explains. "This technique allows them to create multiple identities which they can cycle through in case of abuse/complaint reports."

"Such sites can easily be spotted because the content is almost identical (copy/paste) and some of the graphics are the same," he added.

The progress of the tech support scam from Windows to Mac to tablet and smartphone reflects the changing way people access the internet.

"The tech support scam lives on by adapting to its environment and exploiting the never failing human factor," Segura concludes. "I can imagine that in a near future those fake support companies will remotely access the phone or tablet directly because more and more people no longer own a ‘traditional’ computer."

Malwarebytes complete guide on tech support scams can be found here. ®

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.