Network Security

Supporters club

And still the support scams roll on. I'm referring, of course, to those kind people who regularly call me to let me know that my PC has a virus, or sometimes, some other kind of problem. They then offer to “prove” it to me by getting me to check my PC's Event Viewer logs (which do, inevitably, display a number of vaguely described, but quite non-viral errors), then installing a cracked AV package (or worse) to “fix” the problem. For a price, of course.

Don't call us...

Only last week I blogged at ESET regarding the Australian Communications and Media Authority plan to impose harsh financial penalties on support desk scammers who ignore opt-out or "do not call" lists by cold-calling. Unfortunately, I think the effectiveness of this approach will be quite limited: Although the scam calls are sometimes routed via local phone numbers, the scammers themselves are usually situated well out of the jurisdiction in which the potential victim is resident. I've recently become aware of far more cases in North America than I've seen publicized, though most of the specific cases I've tracked personally have been in Australia, the UK, or Ireland. The callers, however, seem almost invariably to be in India. Frankly, Bengal and Kolkata seem to have become to support scams what Nigeria and Lagos are to 419s.

Penalty shoot-out a penalty washout

Much as I'd love to see some of these people take a hit to their bottom line, I don't see much hope of a solution based on financial penalties – not, at any rate, in the short term.

In fact, from personal experience. I strongly suspect that more-or-less legitimate organizations are deliberately using foreign call centers to get around opt-out lists, like the UK's Telephone Preference Service or the United States' National Do Not Call Registry.

Australian rules

Today, however, my friend Aryeh Goretsky alerted me to a thread on Reddit, also focused on the Australian branch of the Dishonorable Society of Support Scammers. In fact, I've seen quite a few threads like this in the last week or two, but this one led me to a useful Australian resource called SCAMwatch, which, in turn, alerted me to a couple of twists that I haven't observed in the UK yet.

In this instance, it appears that previous victims are being contacted by callers claiming to represent a foreign state or law enforcement or even the victim's own bank, offering help to reclaim the money of which they've been defrauded. There is, of course, a fee for this service. The impudence would almost be amusing if so many people hadn't lost money.

And yes, a very similar approach has been used on occasion by 419 scammers.

The long arm of the scofflaw

One of the posters to the Reddit thread observes that the scammers will, at some point in the process, ask the victim to install TeamViewer so that they can access the machine remotely. That's also kind of interesting:'s Mary Landesman, who has discussed the problem relative to reports from America, refers to them as spams, after the alternative Remote Access Software that she sees them using. However, the European scams I've been tracking seem to be tied to LogMeIn. Clearly, any RAS (remote access software) is considered fair game.

Keep the customer satisfied

Meanwhile, Steve Burn (who has supplied me with a great deal of useful information on this and other security problems) has drawn my attention to an epidemic of email and comment spam from characters claiming to be “satisfied customers” of websites associated with this kind of scam. Unfortunately, bolstering a fraudulent site with fake recommendations on other sites and in spam is a long-established practice.

As Steve points out on his blog, Urban Schrott, Jan Zeleznak and myself recently published a comprehensive paper on this kind of support scam on the ESET White Papers page. It also includes copious links to other resources and commentary.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.