By Editor
posted 10 Dec 2015 - 01:49PM
Among many other things, the recent cyberattack on
TalkTalk has brought to light another associated threat – tech
support scams. Interestingly, as various media reports have revealed, very
little is actually known about this sophisticated type of fraud, despite it
being a longstanding problem.
The result is that time after time, unsuspecting
victims are not only being duped out of their money, they are also having their
devices infected and their documents destroyed. Our guide offers an insight
into this increasingly topical issue, which was recently discussed in a BBC documentary.
Before the scam, there is data
There is always a backstory to a tech support scam
and it begins with cybercriminals getting their hands on personal information.
They use multiple and extremely sophisticated techniques to access such data.
Once in possession of this sensitive and lucrative
informative, they are presented with two options depending on their own
interests and capabilities: they either use it themselves or sell it on to
other fraudsters. The latter usually happens on one of many marketplaces on the
dark web.
Usually, the information that is exchanged is
‘incomplete’, meaning it limits a criminal’s ability to commit certain types of
crime. They need further information to complete their ‘identity jigsaw’. This
is where tech support scamming comes in, especially the kind that mixes new
(the internet) and old (telephone) technology to devastating effect.
1. First contact and the building of trust
Depending on the context of any particular case, a
tech support scammer may immediately contact victims or hold back for a more
opportune moment to pounce. It seems to matter very little about whether a data
breach has been made public or not – both offer benefits to criminals.
For example, if an attack has gone unnoticed,
fraudsters can use this situation – whereby it is ‘business as usual’ guise –
as an asset, while similarly, public knowledge of an attack is similarly
advantageous (people expect to be contacted by companies, broadband and mobile
providers).
When a customer picks up the phone, a charade
begins. Through social engineering and clever use of information in their
possession – such as names, addresses and account details – the scammer is able
to manipulate their victim into believing they are genuine.
This authoritative impersonation of a
broadband/mobile provider, bank, law enforcement and/or computer company is a
crucial step in gaining trust. All the other demonstrations of technical
capabilities and the sense of familiarity exuded by the caller simply add to
the growing confidence people have that the reason for the call ( such as
there’s been a data breach and you’re affected; your computer has a virus on
it; you’ve been the victim of fraud and we’re here to reimburse you and so on).
Another reason why scammers are so effective in
this phase of a con is that they often appear unhurried, friendly and
conversation. All of these characteristics are the kind most people assume to
be absent when fraud of any kind is taking place – it’s quick, it’s impersonal
and there’s brevity.
2. Unlocking the digital door that guards your
device
Once a certain level of trust has been established,
the fraudster explains in a very matter of fact way that they need to run
certain checks, including confirming personal information – security questions
and answers, for example – and technical.
The latter pertains to a victim’s computer, a
strategy which plays on most people having a limited understanding of the ins
and outs of how devices work. The scammer will get them to open up a window,
which will ‘evidence’ issues, the kind that could cause serious damage.
Mr. Harley has discussed an example of this in
detail in a previous post on We Live Security. The focus here is on
Windows users and, on being instructed to open up Event Viewer – which
keeps a system log – an individual will see “system events”. Some of these are
genuine problems but “they’re usually transient errors and glitches that have
already come and gone”.
Nevertheless, on unsuspecting people, this can be
an effective tactic. It helps to establish further trust because they appear to
be showing you actual problems. Therefore, as you’d allow a plumber into your
home to fix your broken pipes, the same applies here. Your digital door is
unlocked and the scammer now has your control of your computer.
3. Working hard to ‘resolve the issue’
A number of scenarios can be played from this point
onwards, but a recent scam involving an elderly couple and TalkTalk
features all the hallmarks of most cons like this. Harold and Barbara Manley
from Kent in the UK and both in their 80s, received a call purportedly from the
telecommunications company, saying their computer had been compromised.
They were told that this could be fixed and,
moreover, would receive immediate compensation worth £200. However, ‘TalkTalk’
needed access to their computer to fix the vulnerabilities. Afterwards, the
caller explained that they had to log into their online account to receive
payment.
“On the screen a statement appeared with a £5,200
in credit,” Barbara told This is Money. “They said they had made an error and needed to
debit £4,900 and the rest could be kept as compensation. I’m not into computers
so I don’t know how they did it but it looked so genuine’.”
Except it is not. Now that they have control over a
computer, they are able to manipulate what the victim sees and in this case and
many others, what can be seen is not real. Meanwhile, in the background, they
are busy taking money out of the account.
The key thing to understand is that the impression
of professionalism and apparent resolution of a problem all contributes to a
positive experience that unfortunately leaves few victims in doubt. Account
details are quoted in full, customer service is impeccable, faults are visibly
patched and compensation is given.
And, after everything is resolved, people go about
their ordinary business, unaware of what has happened. It’s not until later,
maybe that evening, the next day or even longer, when the penny drops. By that
time it’s already too late.
Knowledge and appreciation of the threat goes
a long way
These kinds of instances needn’t happen. Along with
investing in security solutions
across all your devices and adhering to best practice like using strong, unique
passwords for various accounts, understanding the nature of tech
support scams and the seriousness of cybercrime will go a long way in keeping
you safe.
The TalkTalk incident highlights that this issue is
very real and, as Financial Fraud Action UK, pointed out at the start of November, there is evidence to
suggest that there is a boom in scamming.
“Fraudsters are cunning and will go to great
lengths to steal your cash,” explained Katy Worobec, director of FFA UK. “This
scam is just another example of the tricks they will use. “You should never let
someone else have access to your computer remotely, especially if they have
contacted you via an unsolicited phone call.”
