Teaming up in the war on tech support scams



    Posted: 21 Apr 2018

    Social engineering attacks like tech support scams are so common because they’re so effective. Cybercriminals want to bilk users’ money. They can spend a great deal of time and energy attacking the security of a device—brute-force passwords, develop custom and sophisticated malware, and hunt down vulnerabilities to exploit. Or they can save themselves the trouble and convince users to freely give up access to their devices and sensitive information.

    Microsoft has built the most secure version of its platform in Windows 10. Core OS technologies like virtualization-based security, kernel-based mitigations, and the Windows Defender ATP stack of security defenses make it much more difficult for exploits, malware, and other threats to infect devices. Every day, machine learning and artificial intelligence in Windows Defender ATP protect millions of devices from malware outbreaks and cyberattacks. In many cases, customers may not even know they were protected. Windows 10 S, a special configuration of Windows 10, takes this even further by only running apps from the Microsoft Store, effectively preventing the vast majority of attacks.

    Protect yourself from tech support scams
    • Note that Microsoft does not send unsolicited email messages or make unsolicited phone calls to request personal or financial information, or to fix your computer.
    • Remember, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.
    • Don’t call the number in pop-ups. Microsoft’s error and warning messages never include a phone number.

    The Windows 10 security stack greatly increases the cost for attackers. Many cybercriminals instead choose to target the humans in front of the PCs. It can sometimes be easier to convince users to willingly share their passwords, account info, or to install hazardous apps onto their device than to develop malware and steal info unnoticed.

    Scammers continue to capitalize on the proven effectiveness of social engineering to perpetrate tech support scams. These scams are designed to trick users into believing their devices are compromised or broken. They do this to scare or coerce victims into purchasing unnecessary support services.

    To help protect customers from scammers, we continue to enhance antivirus, email, URL blocking, and browser security solutions. However, given the scale and complexity of tech support scams, how can the security industry at large work together to deal a major blow to this enduring threat?

    Still a growing global problem

    In 2017, Microsoft Customer Support Services received 153,000 reports from customers who encountered or fell victim to tech support scams, a 24% growth from the previous year. These reports came from 183 countries, indicating a global problem.

    Approximately 15% of these customers lost money in the scam, costing them on average between $200 and $400. In some cases, victims pay a lot more. In December 2017, Microsoft received a report of a scammer emptying a bank account of €89,000 during a tech support scam in the Netherlands.



    In a 2016 survey sponsored by Microsoft, two in three respondents reported experiencing some form of tech support scam in the previous 12 months, with nearly one in ten losing money.

    However, as with many social engineering attacks, it’s tricky to put an absolute number to the problem. The figures above represent reports to Microsoft. The problem is so much bigger, given that tech support scams target customers of various other devices, platforms, or software.

    An organized cybercriminal enterprise

    Tech support scams come in several forms, but they share a common attack plan:



    Scammers initiate these social engineering attacks in many ways, including:

    • Scam websites that use various tactics including browser dialog traps, fake antivirus detecting fake threats, and fake full-screen error messages. Scammers lead potential victims to these websites through ads, search results, typosquatting and other fraudulent mechanisms.
    • Email campaigns that use phishing-like techniques to trick recipients into clicking URLs or opening malicious attachments
    • Malware that’s installed on computers to make system changes and display fake error messages
    • Unsolicited phone calls (also known as cold calls), which are telemarketing calls from scammers that pretend to be from a vendor’s support team

    The complete attack chain shows that these attacks lead to the same goal of getting customers in contact with a call center. Once connected, a fake technician (an experienced scammer) convinces the victim of a problem with their device. They often scare victims with urgent problems requiring immediate action. They instruct victims to install remote administration tools (RATs), which provide the scammers access to and control over the device.



    From this point on, scammers can make changes to the device or point out common non-critical errors, and present these as problems. For example, scammers are known to use Event Viewer to show “errors” or netstat to show connections to “foreign IP addresses”. The scammers then attempt to make the sale. With control of the device, scammers can make a compelling case about errors in the device and pressure the victim to pay.

    An industry-wide problem requires industry-wide action

    The tech support scam problem is far-reaching. Its impact spans various platforms, devices, software, and services. Examples include:

    • Tech support scams targeting specific platforms like Windows, macOS, iOS, and Android
    • Tech support scam websites that imply a formal relationship or some sort of approval by well-known vendors
    • Fake malware detection from programs or websites that mimic various antivirus solutions
    • Customized tech support scams that tailor messages and techniques based on geography, OS, browser, or ISP

    As in many forms of social engineering attacks, customer education is key. There are tell-tale signs: normal error and warning messages should not have phone numbers, most vendors don’t make unsolicited phone calls to fix a device, etc. To help protect and educate Microsoft customers, we have published blogs, websites, videos, and social media campaigns on the latest tech support scam trends and tactics. We have also empowered customers to report tech support scams.

    Beyond customer education, the scale and complexity of tech support scams require cooperation and broad partnerships across the industry. The Microsoft Digital Crimes Unit (DCU) works with law enforcement and other agencies to crack down on scammers.

    We have further built partnerships across the ecosystem to make a significant dent on this issue:

    • Web hosting providers, which can take down verified tech support scam websites
    • Telecom networks, which can block tech support scam phone numbers
    • Browser developers, who can continuously thwart tech support scam tactics and block tech support scam websites
    • Antivirus solutions, which can detect tech support scam malware
    • Financial networks, who can help protect customers from fraudulent transactions
    • Law enforcement agencies, who can go after the crooks

    We seek to continue expanding and enriching these partnerships. While we continue to help protect customers through a hardened platform and increasingly better security solutions, we believe it’s high time for the industry to come together and put an end to the tech support scam problem. Together, we can make our customers’ lives easier and safer.


    Erik Wahlstrom
    Windows Defender Research Project Manager


    Source: Teaming up in the war on tech support scams Microsoft Secure
    Posted By: Brink
    21 Apr 2018
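
The tell-tale sign given in the article (genuine error and warning messages never include a phone number) can be turned into a simple triage check for pop-up or e-mail text. This is an added example, not part of the article or of any Microsoft product; the word lists, the phone-number pattern and the sample messages are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Assumed pattern: optional "+", then digit groups split by spaces or hyphens.
# The look-arounds keep hex error codes and clock times from matching.
PHONE_RE = re.compile(
    r"(?<![\w.:])\+?\(?\d{1,4}\)?(?:[ \-]\(?\d{2,4}\)?){2,4}(?![\w.:])")
# Assumed vocabulary of alarm language and calls to action.
ALARM_RE = re.compile(
    r"\b(virus|malware|spyware|infected|compromised|hacked|error|warning"
    r"|alert|blocked)\b", re.IGNORECASE)
CALL_RE = re.compile(r"\b(call|dial|contact|phone)\b", re.IGNORECASE)

@dataclass
class Finding:
    verdict: str          # "likely-scam", "suspicious" or "ok"
    phone_numbers: list
    alarm_terms: list
    call_to_action: bool

def find_phone_numbers(text):
    """Return phone-like strings holding 10 to 15 digits (drops dates)."""
    found = []
    for match in PHONE_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if 10 <= len(digits) <= 15:
            found.append(match.group())
    return found

def triage_message(text):
    """Flag text that pairs alarm language with a phone number."""
    phones = find_phone_numbers(text)
    alarms = sorted({m.group().lower() for m in ALARM_RE.finditer(text)})
    cta = bool(CALL_RE.search(text))
    if phones and alarms:
        verdict = "likely-scam" if cta else "suspicious"
    else:
        verdict = "ok"  # a phone number alone, or an alarm alone, is normal
    return Finding(verdict, phones, alarms, cta)

# Constructed sample messages (555-01xx numbers are fictional).
SCAM_POPUP = ("WARNING: Your computer is infected with a virus. Call Windows "
              "Support now at 1-888-555-0100 to prevent data loss.")
GENUINE_ERROR = ("Windows Update failed with error 0x80070057 on "
                 "2018-04-21 20:33. Retry the installation.")
CONTACT_PAGE = "Contact our sales team at +1 (425) 555-0199 for a quote."

if __name__ == "__main__":
    for sample in (SCAM_POPUP, GENUINE_ERROR, CONTACT_PAGE):
        print(triage_message(sample))
```

A hit is a reason to look closer, not proof: the check only encodes the one sign the article names and will miss scam text that avoids these words or formats.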


  1. Posts : 1,560
    Windows 10 Home 20H2 64-bit
       #1

    My war against tech support scammers: Burner cards and a virtual box. Wasted time for them, fun time for me.


  2. Posts : 15,027
    Windows 10 IoT
       #2

    I get a "Hello I am from Windows" call once or twice a month. How long I keep them on the phone depends on what kind of mood I'm in. Some days it's fun to mess with them and try and ruin "their" day.
    Something does need to be done about it though, it's getting ridiculous IMHO.


  3. Posts : 7,128
    Windows 10 Pro Insider
       #3

    When I have the time I try to waste as much of their time as I can. Then I'll say, You said I have a problem with my Windows computer. That's strange because I own an Apple computer. They immediately hang up. :)


  4. Posts : 27,164
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #4



  5. Posts : 163
    Windows 10 Pro x64
       #5

    My war on scammers is a high pitched whistle when they call - guaranteed, they don't dare call again!


  6. Posts : 39,789
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       #6

    Tech-support scammers are ramping up attacks, says Microsoft


    Part of the problem lies in the huge variety of hooks and techniques the scammers use. Besides masquerading as Microsoft staff, scammers also claim to represent GPS and printer companies, as well as ISPs.

    And along with phone calls, scammers reach victims through paid search results, pop-up messages, browser lockers, and phishing email with bogus warnings about fraudulent bank charges or fake refunds.

    The FBI has recently seen a new trend emerging for scammers to retarget past tech-support victims by posing as government officials or law enforcement and offering assistance recovering lost funds for further fees.

    Some scammers also threaten legal action if victims don't pay to settle outstanding debts for tech-support services.

    And once scammers have been granted remote access, they're not just presenting bogus security warnings, but increasingly downloading personal information and using it to request bank transfers or to open new accounts to make fraudulent payments.
    Windows warning: Tech-support scammers are ramping up attacks, says Microsoft | ZDNet


  7. Posts : 3,352
    Windows 10 Pro x64
       #7

    I send every call from a number I don't recognize to voice mail. Scammers almost never leave messages.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
