Introduction
Tech support scams have been around for several years, but no signs of them going away. A recent crackdown by the Federal Trade Commission revealed that one Florida-based scamming company alone victimized over 40,000 users between November 2013 and 2016. This resulted in these victims losing a total of $25 million. Another report published by the FBI reveals there were 10,850 tech support scam complaints in 2016 alone, resulting in a loss of $7.8 million. These victims reported fraud from 78 countries, highlighting how far and wide these scammers cast their net.
A survey conducted by Microsoft gave more profound insight into these scams. 2 out of 3 people experienced tech support scams in 2016, nearly 1 in 10 lost money, 17% of those who continued with a fraudulent transaction were older than 55, and surprisingly, 50% were between 18 and 34.
Anatomy of Tech Support Scams
A tech support scam typically begins through any of the following techniques:
- User gets a cold call from the scammer.
- User visits a site that maliciously redirects them to the scam site or pops up another window through embedded links on the source page.
- User mistypes the URL in a browser and the scammer controls the incorrectly typed domain.
Once the user visits the scam site, it hangs the browser using various Javascript tricks and consumes all the computer resources. The idea behind hanging the browser is to make the user believe something is wrong with their computer.
The video below shows how interacting with the webpage can get very painful and how the browser hangs completely at the end. Notice how the fullscreen page has a background image with an address bar showing Microsoft’s secure support website. This attempts to trick users into believing it’s the real Microsoft site.
Users who fall for such scams end up calling the phone number listed on the website. The scammer then takes control of the user’s computer, shows them some benign files – calling them malicious, and then asks for money to fix it. The monetary transaction typically happens through services like PayPal or simply by asking user’s credit card information over the phone.
Another variant of the scam is when the scammer says they want to refund the money from a previous call to the same victim. The scammer then retakes computer control, asks users to open their bank account, and transfers money from within their bank accounts (between checking and savings, etc.). The scammer claims they made it even though the transfer was completed within the same user’s accounts. Then they claim they transferred more than they were supposed to by mistake and that the victim should wire the extra money back to the scammer.
Victims typically report losing a few hundred dollars on average.
Analysis of the latest tech support scam sites
Even though the crackdown by law enforcement in the U.S. and other countries has shut down several offenders, tech support scams are far from over. A study for a month (Jun ’17 – Jul ’17) with URL data collected from large-scale email honeypots and several other data sources revealed the following:
- On average, about 50 new scam sites are registered each day. Almost all scam URLs are from newly registered sites, with very few coming from older, hijacked websites.
- Scammers used a newer top-level domain (TLD) .online the most to register these sites. 43% of all domains were registered on .online.
- Other popular TLDs were .info, .tech, and .xyz. .com was fifth in popularity with scammers, followed by .site and .club. The use of these TLDs was presumably because of their low cost.
- Scammers sometimes adapt their scare tactics based on malware attacks that are popular in the news, such as ” Ransomware ” or “Zeus trojan” alerts.
- The scam sites were not just abusing Microsoft’s Windows brand. Several variants targeted Apple’s Mac and Google Chrome users, with site content tailored for each variant.
We provide details below of top 10 scam phone numbers and IP addresses associated with tech support scam sites. The phone numbers listed comprised of 31% of all scam sites while the IP addresses were associated with 38% of all scam sites. All the IP addresses listed below are located in the USA.
Complete list of tech support scammer phone number list 2022 can be seen here.
The screenshots below highlight some of the scam variants:
1. Fake M
Stay vigilant to thwart Tech Support Scams
Even though tech support scams can be sophisticated, the scammer still largely relies on the user to fall for it. Therefore, user awareness is the key to identifying and thwarting such scams. It begins with knowing how to identify them:
- If you get an unexpected call claiming your computer is infected, it’s a clear sign of tech support scams, and you should hang up immediately. It is not advisable to rely on called ID as often; it is spoofed to make it look like the call originated from a legitimate company. The caller also typically pretends to be from a well-known company like Microsoft and uses a lot of technical terms to bait the user.
- A pop-up on your computer screen warning you of “malware infection” or similar alerts is fake, and you should close the window immediately. Tech Support scam sites often hang your browser if you wait a few seconds. If that happens, you can close the browser using your Operating System’s Activity/Process Monitor application.
In addition to the above, if you are concerned about your computer, you should call your security software company directly, whose details you can get from the company’s website. Do not call the number listed on the pop-up website. You should also never share passwords or give anyone remote control of your computer. For more tips, check out FTC’s official guidance on tech support scams.
Tools and Resources
It takes work from various parties to fight the menace of the Tech Support scam.
Get a free trial of the Bolster Platform Demo if your brand suffers from Tech Support Scams.
If you wish to lookup whether a URL is a scam site, you can use these freely available tools: CheckPhish
If you are a researcher and would like to find out who the abuse contact for the offending IPs are, you can use a handy tool querycontacts to find out the email address where you can report.
If you wish to report to FTC, use their official complaint form at ftc.gov/complaint under the Internet Services, Online Shopping, or Computers section.
