Technical support scam: Difference between revisions

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Revision as of 07:41, 5 December 2023 edit Siroxo (talk \| contribs) Extended confirmed users, Page movers, New page reviewers, Pending changes reviewers, Rollbackers 11,858 edits m Rollback edit(s) by 121.50.198.105 (talk): Non-constructive edit (UV 0.1.5) Tags: Ultraviolet Rollback ← Previous edit		Revision as of 02:16, 7 September 2024 edit undo Mfernflower (talk \| contribs) Extended confirmed users 7,627 edits →Confidence tricks Tags: Mobile edit Mobile web edit Advanced mobile edit Next edit →
(35 intermediate revisions by 19 users not shown)
Line 5: [[File:Example of a technical support scam popup.png\|350px\|thumb\|Example of a technical support scam popup\|alt=fake tech support scam popup]] A '''technical support scam''', or '''tech support scam''', is a type of [[~~fraud~~scam]] in which a scammer claims to offer a legitimate [[technical support]] service. Victims contact scammers in a variety of ways, often through fake [[Pop-up ad\|pop-ups]] resembling [[error message]]s or via fake "help lines" advertised on [[website]]s owned by the scammers. Technical support scammers use [[Social engineering (security)\|social engineering]] and a variety of [[confidence trick]]s to persuade their victim of the presence of problems on their [[computer]] or [[mobile device]], such as a [[malware]] infection, when there are no issues with the victim's device. The scammer will then persuade the victim to pay to fix the fictitious "problems" that they claim to have found. Payment is made to the scammer ~~through~~via ~~ways~~[[gift card]]s, which are hard to trace and have ~~fewer~~few [[consumer protection]]s in place ~~which could allow the victim to claim their money back, usually through [[gift card]]s~~. Technical support scams have occurred as early as 2008. A 2017 study of technical support scams found that of the IPs that could be geolocated, 85% could be traced to locations in [[India]], 7% to locations in the [[United States]] and 3% to locations in [[Costa Rica]]. Research into tech support scams suggests that [[millennials]] and those in [[generation Z]] have the highest exposure to such scams; however, senior citizens are more likely to fall for these scams and lose money to them. Technical support scams were named by [[NortonLifeLock\|Norton]] as the top [[phishing]] threat to [[consumer]]s in October 2021; [[Microsoft]] found that 60% of consumers who took part in a survey had been exposed to a technical support scam within the previous twelve months. Responses to technical support scams include [[lawsuit]]s brought against companies responsible for running fraudulent call centres and [[scam baiting]]. ▼ ▲Technical support scams have occurred as early as 2008. A 2017 study of technical support scams found that of the IPs that could be geolocated, 85% could be traced to locations in India, 7% to locations in the United States and 3% to locations in Costa Rica. Research into tech support scams suggests that [[millennials]] and those in [[generation Z]] have the highest exposure to such scams; however, senior citizens are more likely to fall for these scams and lose money to them. Technical support scams were named by [[NortonLifeLock\|Norton]] as the top [[phishing]] threat to [[consumer]]s in October 2021; [[Microsoft]] found that 60% of consumers who took part in a survey had been exposed to a technical support scam within the previous twelve months. Responses to technical support scams include [[lawsuit]]s brought against companies responsible for running fraudulent call centres and [[scam baiting]]. ==Origin and distribution== The first tech support scams were recorded in 2008.<ref name="guardian" /><ref>{{Cite web\|date=October 18, 2016\|title=The Anatomy of Tech Support Scams\|url=https://www.malwarebytes.com/pdf/white-papers/anatomytechsupportscams.pdf\|url-status=live\|archive-url=https://web.archive.org/web/20210126200738/https://www.malwarebytes.com/pdf/white-papers/AnatomyTechSupportScams.pdf\|archive-date=January 26, 2021\|access-date=January 2, 2021\|website=[[Malwarebytes]]}}</ref> Technical support scams have been seen in a variety of countries, including the [[United States]],<ref>{{cite news\|last1=Yasir\|first1=Sameer\|last2=Kumar\|first2=Hari\|date=December 17, 2020\|title=Indian Call-Center Plot Fooled Americans Into Paying Over $14 Million\|work=[[The New York Times]]\|url=https://www.nytimes.com/2020/12/17/world/asia/india-call-center-scam.html\|url-status=live\|access-date=January 13, 2022\|archive-url=https://web.archive.org/web/20220113060139/https://www.nytimes.com/2020/12/17/world/asia/india-call-center-scam.html\|archive-date=January 13, 2022}}</ref> [[Canada]],<ref>{{cite news\|last1=Flanagan\|first1=Ryan\|date=November 18, 2019\|title=32 arrested at Indian call centre that targeted Canadians\|language=en\|work=[[CTV News]]\|url=https://www.ctvnews.ca/world/32-arrested-at-indian-call-centre-that-targeted-canadians-1.4690651\|url-status=live\|access-date=January 13, 2022\|archive-url=https://web.archive.org/web/20220113060138/https://www.ctvnews.ca/world/32-arrested-at-indian-call-centre-that-targeted-canadians-1.4690651\|archive-date=January 13, 2022}}</ref> [[United Kingdom]],<ref name="guardian" /> [[Ireland]],<ref>{{cite news\|last1=Hennessy\|first1=Michelle\|date=August 23, 2014\|title=Be careful, scammers are still targeting Irish home phone users\|language=en\|work=[[TheJournal.ie]]\|url=https://www.thejournal.ie/scam-india-call-computer-1632989-Aug2014/number-2/\|url-status=live\|access-date=January 13, 2022\|archive-url=https://web.archive.org/web/20220113194528/https://www.thejournal.ie/article.php?id=1632989\|archive-date=January 13, 2022}}</ref> [[Australia]],<ref>{{cite news\|date=February 28, 2019\|title=Fake Indian call centre attempting to scam Telstra customers\|work=[[9news.com.au]]\|url=https://www.9news.com.au/technology/telstra-scam-fake-indian-call-centre-calling-over-nbn-instillations/2c2907ce-2484-4c5f-b37c-ecbe0c89bdd4\|access-date=January 14, 2022\|archive-url=https://archive.today/20220114064008/https://www.9news.com.au/technology/telstra-scam-fake-indian-call-centre-calling-over-nbn-instillations/2c2907ce-2484-4c5f-b37c-ecbe0c89bdd4\|archive-date=January 14, 2022\|url-status=live}}</ref><ref>{{cite news\|last1=Wright\|first1=Patrick\|date=August 3, 2021\|title=This new scam cost Julia $100k. Here's how it works - ABC Everyday\|language=en-AU\|work=[[Australian Broadcasting Corporation]]\|url=https://www.abc.net.au/everyday/losing-to-remote-access-scam/100334824\|url-status=live\|access-date=January 13, 2022\|archive-url=https://web.archive.org/web/20220113060136/https://www.abc.net.au/everyday/losing-to-remote-access-scam/100334824\|archive-date=January 13, 2022}}</ref> [[New Zealand]],<ref>{{cite news\|last=Williams\|first=Jolene\|date=February 11, 2011\|title=Whistle at scam callers say police\|language=en-NZ\|work=[[NZ Herald]]\|url=https://www.nzherald.co.nz/hawkes-bay-today/news/whistle-at-scam-callers-say-police/7FGKGFMFBHCCOEHTZRWFZYTSTE/\|url-status=live\|access-date=January 13, 2022\|archive-url=https://web.archive.org/web/20220113060139/https://www.nzherald.co.nz/hawkes-bay-today/news/whistle-at-scam-callers-say-police/7FGKGFMFBHCCOEHTZRWFZYTSTE/\|archive-date=January 13, 2022}}</ref> [[India]], and [[South Africa]].<ref>{{cite web \| last=Staff writer \| date=October 20, 2021 \| url=https://indianexpress.com/article/technology/tech-news-technology/tech-support-scam-on-rise-in-india-heres-how-to-protect-yourself-from-phishing-attacks-7581559/ \| title=Tech support scam on rise in India \| work=Indian Express \| publisher=IE Online Media Services}}</ref><ref>{{cite news\|date=March 15, 2016\|title=This is what a Microsoft tech support scam looks like\|work=[[MyBroadband]]\|url=https://mybroadband.co.za/news/security/158103-this-is-what-a-microsoft-tech-support-scam-looks-like.html\|url-status=live\|access-date=January 13, 2022\|archive-url=https://web.archive.org/web/20220113060140/https://mybroadband.co.za/news/security/158103-this-is-what-a-microsoft-tech-support-scam-looks-like.html\|archive-date=January 13, 2022}}</ref> A 2017 study of technical support scams published at the [[NDSS Symposium]] found that, of the tech support scams in which the IPs involved could be [[Internet geolocation\|geolocated]], 85% could be traced to locations in India, 7% to locations in the United States and 3% to locations in Costa Rica.<ref>{{cite conference\|title=Dial One for Scam: A Large-Scale Analysis of Technical Support Scams\|first1=Najmeh \|last1=Miramirkhani\|first2= Oleksii\|last2= Starov\|first3= Nick \|last3=Nikiforakis\|doi=10.14722/ndss.2017.23163\|doi-access=free\|conference=NDSS Symposium 2017\|date=February 27, 2017\|publisher=Internet Society\|pages=1–15\|location=San Diego\|arxiv=1607.06891}}</ref> India has millions of [[Indian English\|English speakers]] who are competing for relatively few jobs. One municipality had 114 jobs and received 19,000 applicants.<ref name="~~auto1~~Poonam-2018">{{Cite news\|last=Poonam\|first=Snigdha\|date=January 2, 2018\|title=The scammers gaming India's overcrowded job market\|work=[[The Guardian]]\|url=https://www.theguardian.com/news/2018/jan/02/the-scammers-gaming-indias-overcrowded-job-market\|access-date=January 5, 2022\|archive-date=August 20, 2020\|archive-url=https://web.archive.org/web/20200820050717/https://www.theguardian.com/news/2018/jan/02/the-scammers-gaming-indias-overcrowded-job-market\|url-status=live}}</ref> This high level of [[unemployment]] serves as an incentive for tech scamming jobs, which are often well-paid.<ref name=":1Which UK-2017">{{Cite web\|date=2017-12-02\|title=The people behind the tech support scams\|url=https://www.which.co.uk/news/2017/12/exclusive-which-meets-the-people-behind-the-tech-support-scam-calls/\|access-date=2022-01-20\|website=[[Which?]]\|language=en-}}</ref> Additionally, scammers exploit the levels of unemployment by offering jobs to people desperate to be employed.<ref name="~~auto1~~Poonam-2018" /> Many scammers do not realise they are applying and being trained for tech support scam jobs,<ref name="~~auto~~Vaidyanathan-2020">{{Cite news\|last=Vaidyanathan\|first=Rajini\|date=March 8, 2020\|title=Confessions of a call-centre scammer\|work=[[BBC News]]\|url=https://www.bbc.co.uk/news/stories-51753362\|url-status=live\|access-date=January 5, 2022\|archive-url=https://web.archive.org/web/20220105210639/https://www.bbc.co.uk/news/stories-51753362\|archive-date=January 5, 2022}}</ref> but many decide to stay after finding out the nature of their job as they feel it is too late to back out of the job and change careers.<ref name="~~auto~~Vaidyanathan-2020" /> Scammers are forced to choose between keeping their job or becoming jobless.<ref name="~~auto1~~Poonam-2018" /> Some scammers convince themselves that they are targeting wealthy people that have money to spare, which justifies their theft,<ref name="~~auto~~Vaidyanathan-2020" /> whilst others see their job as generating "easy money".<ref name=":1Which UK-2017" /><ref name="~~auto~~Vaidyanathan-2020" /> Some scammers rationalize that the victim needs an anti-virus anyway and therefore, it is acceptable to tell the victim lies and charge them for technical support or to charge them for an anti-virus. ==Operation== Technical support scams rely on social engineering to persuade victims that their device is infected with malware.<ref>{{Cite web\|title=Social Engineering\|url=https://www.malwarebytes.com/social-engineering\|url-status=live\|access-date=December 30, 2021\|website=[[Malwarebytes]]\|archive-date=December 24, 2021\|archive-url=https://web.archive.org/web/20211224233150/https://www.malwarebytes.com/social-engineering}}</ref><ref name=":5Schrade-2021">{{Cite web\|last=Schrade\|first=Mary\|date=July 21, 2021\|title=Tech support scams adapt and persist in 2021, per new Microsoft research\|url=https://blogs.microsoft.com/on-the-issues/2021/07/21/tech-support-scams-adapt-2021-microsoft-study/\|url-status=live\|access-date=December 30, 2021\|website=[[Microsoft]]\|archive-date=December 30, 2021\|archive-url=https://web.archive.org/web/20211230205851/https://blogs.microsoft.com/on-the-issues/2021/07/21/tech-support-scams-adapt-2021-microsoft-study/}}</ref> Scammers use a variety of confidence tricks to persuade the victim to install [[remote desktop software]], with which the scammer can then take control of the victim's computer. With this access, the scammer may then launch various Windows components and utilities (such as the [[Event Viewer]]), install third-party utilities (such as [[rogue security software]]) and perform other tasks in an effort to convince the victim that the computer has critical problems that must be remediated, such as infection with a [[Computer virus\|virus]]. Scammers target a variety of people, though research by Microsoft suggests that millennials (defined by Microsoft as age 24-37) and people part of generation Z (age 18-23) have the highest exposure to tech support scams and the [[Federal Trade Commission]] has found that seniors (age 60 and over) are more likely to lose money to tech support scams.<ref>{{Cite web\|date=March 7, 2019\|title=Older adults hardest hit by tech support scams\|url=https://www.ftc.gov/news-events/blogs/data-spotlight/2019/03/older-adults-hardest-hit-tech-support-scams\|url-status=live\|access-date=December 31, 2021\|website=[[Federal Trade Commission]]\|language=en\|archive-date=December 31, 2021\|archive-url=https://web.archive.org/web/20211231121121/https://www.ftc.gov/news-events/blogs/data-spotlight/2019/03/older-adults-hardest-hit-tech-support-scams}}</ref><ref>{{Cite web\|date=October 18, 2020\|title=Protecting Older Consumers\|url=https://www.ftc.gov/system/files/documents/reports/protecting-older-consumers-2019-2020-report-federal-trade-commission/p144400_protecting_older_adults_report_2020.pdf\|url-status=live\|access-date=December 31, 2021\|website=[[Federal Trade Commission]]\|page=6\|archive-date=December 7, 2021\|archive-url=https://web.archive.org/web/20211207000909/https://www.ftc.gov/system/files/documents/reports/protecting-older-consumers-2019-2020-report-federal-trade-commission/p144400_protecting_older_adults_report_2020.pdf}}</ref> The scammer will urge the victim to pay so the "issues" can be fixed.<ref name="guardian">{{cite news\|last=Arthur\|first=Charles\|date=July 18, 2012\|title=Virus phone scam being run from call centres in India\|newspaper=[[The Guardian]]\|url=https://www.theguardian.com/world/2010/jul/18/phone-scam-india-call-centres\|url-status=live\|access-date=March 31, 2014\|archive-url=https://web.archive.org/web/20140328232009/http://www.theguardian.com/world/2010/jul/18/phone-scam-india-call-centres\|archive-date=March 28, 2014}}</ref><ref name="mbam">{{cite web\|last=Segura\|first=Jérôme\|title=Tech Support Scams - Help & Resource Page {{pipe}} Malwarebytes Unpacked\|url=http://blog.malwarebytes.org/tech-support-scams/\|url-status=live\|archive-url=https://web.archive.org/web/20140328080520/http://blog.malwarebytes.org/tech-support-scams/\|archive-date=March 28, 2014\|access-date=March 28, 2014\|work=[[Malwarebytes]]}}</ref><ref name="~~auto2~~Weiss-2019">{{Cite web\|last=Weiss\|first=Gary\|date=June 12, 2019\|title=How Scammers Use Gift Cards to Steal Your Money\|url=http://www.aarp.org/money/scams-fraud/info-2019/gift-card-fraud.html\|url-status=live\|archive-url=https://web.archive.org/web/20201112224413/https://www.aarp.org/money/scams-fraud/info-2019/gift-card-fraud.html\|archive-date=November 12, 2020\|access-date=August 1, 2019\|website=[[AARP]]\|language=en}}</ref> ===Initiation=== [[File:MediaWiki recent changes spam by cold-callers.png\|thumb\|A Recent Changes page from a [[MediaWiki]] site affected by technical support scammers promoting fake "help lines"\|alt=A Recent Changes page from a MediaWiki site affected by technical support scammers promoting fake "help lines".]] Technical support scams can begin in a variety of ways. Some variants of the scam are initiated using pop-up advertising on infected websites or via [[cybersquatting]] of major websites. The victim is shown pop-ups which resemble legitimate error messages such as a [[Blue Screen of Death]]<ref name="najmeh-et-al">{{cite journal \|last1=Miramirkhani \|first1=Najmeh \|last2=Starov \|first2=Oleksii \|last3=Nikiforakis \|first3=Nick \|title=Dial One for Scam: A Large-Scale Analysis of Technical Support Scams \|journal=Proceedings 2017 Network and Distributed System Security Symposium \|date=2016 \|doi=10.14722/ndss.2017.23163 \|url=https://arxiv.org/abs/1607.06891 \|access-date=28 November 2023\|arxiv=1607.06891 }}</ref><ref name="bsod-popup">{{cite web\|last1=Harley\|first1=David\|date=October 7, 2015\|title=Tech Support Scams: Top of the Pop-Ups\|url=http://www.welivesecurity.com/2015/10/07/tech-support-scams-top-pop-ups/\|url-status=live\|archive-url=https://web.archive.org/web/20160727112339/http://www.welivesecurity.com/2015/10/07/tech-support-scams-top-pop-ups/\|archive-date=July 27, 2016\|access-date=July 28, 2016\|website=WeLiveSecurity\|publisher=[[ESET]]}}</ref><ref>{{cite web\|date=October 30, 2015\|title=Do not respond to scam pop-up messages in your web browser\|url=https://www.communications.gov.au/what-we-do/internet/stay-smart-online/alert-service/alert-priority-moderate-do-not-respond-scam-pop-messages-your-web-browser\|url-status=dead\|archive-url=https://web.archive.org/web/20160420192531/https://www.communications.gov.au/what-we-do/internet/stay-smart-online/alert-service/alert-priority-moderate-do-not-respond-scam-pop-messages-your-web-browser\|archive-date=April 20, 2016\|access-date=April 19, 2016\|website=www.communications.gov.au\|publisher=[[Department of Communications and the Arts]]\|language=en}}</ref> and freeze the victim's [[web browser]].<ref>{{Cite web\|last=Segura\|first=Jérôme\|date=November 2, 2016\|title=Tech support scammers abuse bug in HTML5 to freeze computers\|url=https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2016/11/tech-support-scammers-abuse-bug-in-html5-feature-to-freeze-computers/\|url-status=live\|access-date=December 30, 2021\|website=[[Malwarebytes]]\|archive-date=December 30, 2021\|archive-url=https://web.archive.org/web/20211230222304/https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2016/11/tech-support-scammers-abuse-bug-in-html5-feature-to-freeze-computers/}}</ref><ref>{{Cite web\|last=Wang\|first=Samuel\|date=April 29, 2019\|title=Tech Support Scam Uses Iframe to Freeze Browsers\|url=https://www.trendmicro.com/en_gb/research/19/d/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers.html\|url-status=live\|access-date=December 30, 2021\|website=[[Trend Micro]]\|archive-date=December 30, 2021\|archive-url=https://web.archive.org/web/20211230222305/https://www.trendmicro.com/en_gb/research/19/d/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers.html}}</ref> The pop-up instructs the victim to call the scammers via a phone number to "fix the "error". Technical support scams can also be initiated via [[cold calling\|cold calls]]. These are usually [[robocall]]s which claim to be associated with a legitimate third party such as ~~Microsoft or~~ [[Apple Inc.~~\|Apple~~]].<ref name="ars-definitelynotcalling">{{cite web \|last=Brodkin \|first=Jon \|date=October 3, 2012 \|title=Hello, I'm definitely not calling from India. Can I take control of your PC? \|url=https://arstechnica.com/tech-policy/2012/10/hello-im-definitely-not-calling-from-india-can-i-take-control-of-your-pc/ \|url-status=live \|archive-url=https://web.archive.org/web/20141121035544/http://arstechnica.com/tech-policy/2012/10/hello-im-definitely-not-calling-from-india-can-i-take-control-of-your-pc/ \|archive-date=November 21, 2014 \|access-date=November 16, 2014 \|website=[[Ars Technica]]}}</ref><ref name="mbam" /> Technical support scams can also attract victims by purchasing [[keyword advertising]] on major search engines for phrases such as "Microsoft support". Victims who click on these adverts are taken to [[web page]]s containing the scammer's phone numbers.<ref>[http://searchengineland.com/tech-support-ads-search-still-consumer-quagmire-197905 "Despite Crackdowns, Tech Support Ads In Search Are Still Cause For Consumer Confusion"] {{webarchive\|url=https://web.archive.org/web/20150328061606/http://searchengineland.com/tech-support-ads-search-still-consumer-quagmire-197905 \|date=March 28, 2015 }}. ''Search Engine Land'', Ginny Marvin on August 5, 2014</ref><ref>{{Cite web\|date=February 15, 2019\|title=How To Spot, Avoid, and Report Tech Support Scams\|url=https://www.consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams\|url-status=live\|archive-url=https://web.archive.org/web/20211218071418/https://www.consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams\|archive-date=December 18, 2021\|access-date=January 1, 2022\|website=[[Federal Trade Commission]]\|language=en}}</ref> In some cases, mass emailing is used. The email tends to state that a certain product has been purchased using their Amazon account, if this is an error, please contact a certain telephone number. ===Confidence tricks=== Once a victim has contacted a scammer, the scammer will usually instruct them to download and install a [[remote desktop software\|remote access program]] such as [[TeamViewer]], [[AnyDesk]], [[LogMeIn]] or [[GoToAssist]].<ref name="najmeh-et-al" /><ref name="Ars Technica">{{Cite web\|last=Brodkin\|first=Jon\|date=November 25, 2013\|title=Fake tech support scam is trouble for legitimate remote help company\|url=https://arstechnica.com/information-technology/2013/11/fake-tech-support-scam-is-trouble-for-legitimate-remote-help-company/\|url-status=live\|access-date=December 31, 2021\|website=[[Ars Technica]]\|language=en-us\|archive-date=December 13, 2017\|archive-url=https://web.archive.org/web/20171213010257/https://arstechnica.com/information-technology/2013/11/fake-tech-support-scam-is-trouble-for-legitimate-remote-help-company/}}</ref> The scammer convinces the victim to provide them with the credentials required to initiate a remote-control session, giving the scammer complete control of the victim's desktop.<ref name="guardian" /> The scammer will not tell the victim that he is using a remote control software and that the purpose is to gain access to the victim’s PC. The scammer will say "this is for connecting you to our secure server" or "I am going to give you a secure code" which in reality is just an ID number used by the remote desktop software package. After gaining access, the scammer attempts to convince the victim that the computer is suffering from problems that must be repaired,. ~~most often as the putative result of [[Black hat (computer security)\|malicious hacking]] activity.~~They ~~Scammers~~will use several methods to misrepresent the content and significance of common Windows tools and system directories as evidence of malicious activity, such as viruses and other malware.<ref name="najmeh-et-al" /> These tricks are meant to target victims who may be unfamiliar with the actual uses of these tools, such as inexperienced users and senior citizens.<ref name="guardian" /><ref name="ars-definitelynotcalling" /><ref>{{cite web\|title=Microsoft Phone Scams\|url=https://www.which.co.uk/consumer-rights/problem/microsoft-phone-scam\|url-status=live\|archive-url=https://web.archive.org/web/20150213170305/http://www.which.co.uk/consumer-rights/problem/microsoft-phone-scam\|archive-date=February 13, 2015\|access-date=January 5, 2022\|website=[[Which?]]}}</ref> The scammer then coaxes the victim into paying for the scammer's services and/or software, which they claim is designed to "repair" or "clean" the computer but is ~~actually~~either ~~malware that infects it~~malicious or ~~software that causes other damage, or~~simply does nothing at all.<ref name="scammed">{{cite book\|last=Graham Scott\|first=Gini\|url=https://books.google.com/books?id=xOKLDAAAQBAJ&pg=PT182\|title=Scammed: Learn from the Biggest Consumer and Money Frauds How Not to Be a Victim\|publisher=Allworth Press\|year=2016\|isbn=978-1-62153-504-1\|page=182\|access-date=September 15, 2017\|archive-url=https://web.archive.org/web/20190218225541/https://books.google.com/books?id=xOKLDAAAQBAJ&pg=PT182\|archive-date=February 18, 2019\|url-status=live}}</ref> * The scammer may ~~direct users to~~open Windows' Event Viewer, which displays a [[logfile]] of various events for use by [[system administrator]]s to troubleshoot problems. Although many of the log entries are relatively harmless notifications, the scammer may claim that the log entries labeled as warnings and errors are evidence of ~~malware~~"system ~~activity or~~corruption" that ~~the computer is becoming corrupted, and~~ must be "fixed" for a fee.<ref name=mbam/><ref name=wired/> * The scammer may show system folders that contain unusually named files to the victim, such as those in Windows' [[Prefetcher\|Prefetch]] and [[temporary file\|Temp]] folders, and claim that the files are evidence of malware on the victim's computer. The scammer may also open some of these files in [[Microsoft Notepad\|Notepad]], ~~where~~wherein ~~the~~binary file contents are rendered as [[mojibake]]. The scammer claims that malware has corrupted these files, causing the unintelligible output. In reality, the files in Prefetch are typically harmless, intact binary files used to speed up certain operations.<ref name="wired">{{cite magazine\|last=Solon\|first=Olivia\|date=April 11, 2013\|title=What happens if you play along with a Microsoft 'tech support' scam?\|url=https://www.wired.co.uk/news/archive/2013-04/11/malwarebytes\|url-status=live\|archive-url=https://web.archive.org/web/20141107234041/http://www.wired.co.uk/news/archive/2013-04/11/malwarebytes\|archive-date=November 7, 2014\|access-date=November 10, 2014\|magazine=[[Wired UK]]}}</ref> * The scammer may falsely claim that normally disabled Windows [[Windows service\|services]] should not be disabled, ~~when~~and ~~not~~that ~~all~~these services ~~need~~were disabled due to bea computer ~~enabled~~virus.<ref name="mbam" /> * The scammer may misuse [[Command Prompt]] tools to generate suspicious-looking output, for instance using the [[tree (command)\|<code>tree</code>]] or [[dir (command)\|<code>dir /s</code>]] command which displays an extensive listing of files and [[directory (computing)\|directories]]. The scammer may claim that ~~the~~they ~~utility~~are is"searching afor [[malware ~~scanner]]~~and hackers", and while the tool is running the scammer will enter text purporting to be an error message (such as "ECHO security breach ... trojans found") that will appear when the job finishes, or ~~into~~will open a ~~blank~~text file with such claims in Notepad ~~document~~or Word.<ref name="mbam" /> * The scammer may misrepresent innocuous values and keys that are stored in the [[Windows Registry]] as being ~~malicious,~~signs ~~such as innocuous keys whose values are listed as not being~~of ~~set~~malware.<ref name=mbam/> * The "[[special folder#File system directories\|Send To]]" Windows function is associated with a [[globally unique identifier]]. The output of the command <code>assoc</code>, which lists all [[file association]]s on the system, displays this association with the line <code>ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}</code>; this GUID is the same on all recent versions of Windows. The scammer may claim that this is a unique ID used to identify the user's computer, before reading out the identifier to "verify" that they are a legitimate support company with information on the victim's computer, or claim that the [[Universally unique identifier\|CLSID]] listed is actually a "Computer Licence Security ID" that must be renewed.<ref name="eset-clsid">{{cite web\|last=Harley\|first=David\|date=July 19, 2011\|title=Support desk scams: CLSID not unique\|url=http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/\|url-status=live\|archive-url=https://web.archive.org/web/20141023115759/http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/\|archive-date=October 23, 2014\|access-date=November 15, 2014\|website=WeLiveSecurity\|publisher=[[ESET]]}}</ref><ref name="eset-tricks">{{cite web\|last=Harley\|first=David\|date=November 30, 2011\|title=Support-Scammer Tricks\|url=http://www.welivesecurity.com/2011/11/30/support-scammer-tricks/\|url-status=live\|archive-url=https://web.archive.org/web/20141225144746/http://www.welivesecurity.com/2011/11/30/support-scammer-tricks/\|archive-date=December 25, 2014\|access-date=November 15, 2014\|website=WeLiveSecurity\|publisher=[[ESET]]}}</ref><ref>{{Cite web\|last=Gallagher\|first=Sean\|date=January 27, 2021\|title="You took so much time to joke me"—two hours trolling a Windows support scammer\|url=https://arstechnica.com/information-technology/2017/01/take-your-sweet-time-how-i-scammed-a-tech-support-scammer-for-nearly-two-hours/\|url-status=live\|access-date=December 31, 2021\|website=[[Ars Technica]]\|archive-date=August 2, 2018\|archive-url=https://web.archive.org/web/20180802221952/https://arstechnica.com/information-technology/2017/01/take-your-sweet-time-how-i-scammed-a-tech-support-scammer-for-nearly-two-hours/}}</ref> * The scammer may claim that the alleged "problems" are the result of expired hardware or software [[warranty\|warranties]]~~, for example, Windows product keys,~~ and then coax the victim into paying for a nonsensical and fraudulent "renewal service".<ref name="wired" /><ref name="troyhunt">{{cite web\|last=Hunt\|first=Troy\|date=February 21, 2012\|title=Scamming the scammers – catching the virus call centre scammers red-handed\|url=http://www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html\|url-status=live\|archive-url=https://web.archive.org/web/20140407072126/http://www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html\|archive-date=April 7, 2014\|access-date=April 1, 2014}}</ref> * The scammer may block the victim from viewing their screen, claiming that it is the result of malware or of a scan being run, and use ~~the~~this time to search the victim's files for sensitive information, attempt to break into the victim's ~~accounts~~bank account with stolen or ~~stored~~found credentials or activate the webcam and see the victim's face.<ref name=":0Browning-2018">{{Citation\|last=Jim Browning\|title=This is why you never let anyone remotely access your computer\|date=August 4, 2018\|url=https://www.youtube.com/watch?v=Oot9FCuUOSo\|access-date=September 9, 2018\|archive-date=August 5, 2018\|archive-url=https://web.archive.org/web/20180805070011/https://www.youtube.com/watch?v=Oot9FCuUOSo&gl=US&hl=en\|url-status=live}}</ref> * The scammer may run the command line tool known as [[Netstat\|<code>netstat</code>]] ~~command in a terminal/command window~~, which shows local and foreign [[IP address]]es. The scammer then tells the victim that these addresses belong to foreign [[hacker]]s that have gained access to their ~~computer~~network.<ref>{{Cite web\|last=Anderson\|first=Nate\|date=May 19, 2014\|title=Inside the US government's war on tech support scammers\|url=https://arstechnica.com/tech-policy/2014/05/stains-of-deceitfulness-inside-the-us-governments-war-on-tech-support-scammers/\|url-status=live\|access-date=December 31, 2021\|website=[[Ars Technica]]\|language=en-us\|archive-date=December 31, 2021\|archive-url=https://web.archive.org/web/20211231121102/https://arstechnica.com/tech-policy/2014/05/stains-of-deceitfulness-inside-the-us-governments-war-on-tech-support-scammers/}}</ref><ref>{{Cite web\|last=Farivar\|first=Cyrus\|date=July 28, 2017\|title=How a podcaster managed to confront his tech support scammer, in person\|url=https://arstechnica.com/tech-policy/2017/07/how-the-reply-all-podcast-tracked-down-a-man-behind-a-tech-support-scam/\|url-status=live\|access-date=December 31, 2021\|website=[[Ars Technica]]\|language=en-us\|archive-date=December 31, 2021\|archive-url=https://web.archive.org/web/20211231121100/https://arstechnica.com/tech-policy/2017/07/how-the-reply-all-podcast-tracked-down-a-man-behind-a-tech-support-scam/}}</ref><ref>{{Cite magazine\|last=Greenberg\|first=Andy\|date=March 13, 2017\|title=Listen to 'Tech Support' Scam Calls That Bilk Millions Out of Victims\|language=en-US\|magazine=Wired\|url=https://www.wired.com/2017/03/listen-tech-support-scam-calls-bilk-millions-victims/\|access-date=December 31, 2021\|issn=1059-1028\|archive-date=December 8, 2021\|archive-url=https://web.archive.org/web/20211208045511/https://www.wired.com/2017/03/listen-tech-support-scam-calls-bilk-millions-victims/\|url-status=live}}</ref> * The scammer may claim that athe legitimate Windows process ~~such as~~ <code>rundll32.exe</code> is a virus. Often, the scammer will search ~~the [[World~~Google ~~Wide~~or ~~Web\|web]]~~Yahoo for an article about ~~the Windows process~~RUNDLL32.EXE and will scroll to a section saying that the process name can also possibly be part of a malware infection, even though the victim's computer does not contain ~~that~~ malware.<ref name="mbam" /> === Payment and impact === The preferred method of payment in a technical support scam is ~~through~~via [[Gift card\|gift cards]].<ref>{{Cite web\|date=October 18, 2020\|title=Protecting Older Consumers\|url=https://www.ftc.gov/system/files/documents/reports/protecting-older-consumers-2019-2020-report-federal-trade-commission/p144400_protecting_older_adults_report_2020.pdf\|url-status=live\|access-date=January 1, 2022\|website=[[Federal Trade Commission]]\|page=12\|archive-date=December 7, 2021\|archive-url=https://web.archive.org/web/20211207000909/https://www.ftc.gov/system/files/documents/reports/protecting-older-consumers-2019-2020-report-federal-trade-commission/p144400_protecting_older_adults_report_2020.pdf}}</ref> Gift cards are favoured by scammers because they are readily available to buy and have less [[Consumer protection\|consumer protections]] in place that could allow the victim to reclaim their money back. Additionally, the usage of gift cards as payment allows the scammers to extract money quickly whilst remaining anonymous.<ref>{{Cite web\|last=Fowler\|first=Bree\|date=December 3, 2021\|title=Are you being scammed? Here's how to know and what to do\|url=https://www.cnet.com/tech/services-and-software/are-you-being-scammed-heres-how-to-know-and-what-to-do/\|url-status=live\|access-date=January 2, 2022\|website=[[CNET]]\|language=en\|archive-date=January 2, 2022\|archive-url=https://web.archive.org/web/20220102114704/https://www.cnet.com/tech/services-and-software/are-you-being-scammed-heres-how-to-know-and-what-to-do/}}</ref><ref>{{Cite web\|last=Fletcher\|first=Emma\|date=December 8, 2021\|title=Scammers prefer gift cards, but not just any card will do\|url=https://www.ftc.gov/news-events/blogs/data-spotlight/2021/12/scammers-prefer-gift-cards-not-just-any-card-will-do\|url-status=live\|access-date=January 1, 2022\|website=[[Federal Trade Commission]]\|language=en\|archive-date=January 1, 2022\|archive-url=https://web.archive.org/web/20220101210732/https://www.ftc.gov/news-events/blogs/data-spotlight/2021/12/scammers-prefer-gift-cards-not-just-any-card-will-do}}</ref> Tech support scammers have also been known to ask for payment in the form of [[cryptocurrency]], [[Cheque\|cheques]] and direct [[Wire transfer\|bank transfers]] made through [[automated clearing house]] (the latter only gives victims 60 days to recover their funds).<ref>{{Cite web\|last=Tsing\|first=William\|date=March 30, 2017\|title=Tech support scammers and their banking woes\|url=https://blog.malwarebytes.com/cybercrime/2017/03/tech-support-scammers-and-their-banking-woes/\|url-status=live\|access-date=January 2, 2022\|website=[[Malwarebytes]]\|language=en-US\|archive-date=January 2, 2022\|archive-url=https://web.archive.org/web/20220102121007/https://blog.malwarebytes.com/cybercrime/2017/03/tech-support-scammers-and-their-banking-woes/}}</ref> If a victim refuses to follow the scammer's instructions or to pay them, scammers have been known to resort to insulting<ref name=":2Wired UK-2012">{{cite magazine\|date=October 15, 2012\|title=A guide to trolling a tech support scammer\|url=https://www.wired.co.uk/article/how-to-troll-a-scammer\|url-status=live\|archive-url=https://web.archive.org/web/20180707145921/http://www.wired.co.uk/article/how-to-troll-a-scammer\|archive-date=July 7, 2018\|access-date=October 3, 2018\|magazine=[[Wired UK]]}}</ref> and threatening<ref name=":3Brodkin-2015">{{Cite web\|last=Brodkin\|first=Jon\|date=March 4, 2015\|title=Tech support scammer threatened to kill man when scam call backfired\|url=https://arstechnica.com/information-technology/2015/03/tech-support-scammer-threatened-to-kill-man-when-scam-call-backfired/\|url-status=live\|access-date=November 15, 2019\|website=[[Ars Technica]]\|language=en-us\|archive-date=November 15, 2019\|archive-url=https://web.archive.org/web/20191115115826/https://arstechnica.com/information-technology/2015/03/tech-support-scammer-threatened-to-kill-man-when-scam-call-backfired/}}</ref><ref>{{Cite web\|title=Kitboga: The Internet star giving scammers a taste of their own medicine {{!}} CTV News\|url=https://www.ctvnews.ca/business/kitboga-the-internet-star-giving-scammers-a-taste-of-their-own-medicine-1.4364192\|access-date=November 15, 2019\|website=www.ctvnews.ca\|date=April 4, 2019\|archive-date=November 14, 2019\|archive-url=https://web.archive.org/web/20191114165256/https://www.ctvnews.ca/business/kitboga-the-internet-star-giving-scammers-a-taste-of-their-own-medicine-1.4364192\|url-status=live}}</ref> their victim to procure payment. Scammers may also resort to [[bullying]], [[coercion]], [[threat]]s and other forms of [[intimidation]] and [[psychological abuse]] towards their target in an effort to undermine the victim's ability to think clearly, making them more likely to be forced further into the scam.<ref>{{Cite web \|title=Tech support scammers \|url=https://www.selwynfoundation.org.nz/learning/information-about-ageing/tech-support-scammers/ \|access-date=2023-12-23 \|website=www.selwynfoundation.org.nz \|language=en}}</ref> Crimes threatened to be inflicted on victims or their families by scammers have ranged from [[theft]], [[fraud]] and [[extortion]],<ref name=":4Bhattacharjee-2021">{{Cite news\|last=Bhattacharjee\|first=Yudhijit\|date=January 27, 2021\|title=Who's Making All Those Scam Calls?\|language=en-US\|work=[[The New York Times]]\|url=https://www.nytimes.com/2021/01/27/magazine/scam-call-centers.html\|access-date=January 27, 2021\|issn=0362-4331\|archive-date=January 27, 2021\|archive-url=https://web.archive.org/web/20210127100511/https://www.nytimes.com/2021/01/27/magazine/scam-call-centers.html\|url-status=live}}</ref> to serious crimes such as [[rape]]<ref>{{Cite web\|date=March 10, 2015\|title=Busted scammer resorts to death threats\|url=https://nakedsecurity.sophos.com/2015/03/10/busted-scammer-resorts-to-death-threats/\|access-date=January 27, 2021\|website=Naked Security\|language=en-US\|archive-date=November 8, 2020\|archive-url=https://web.archive.org/web/20201108113124/https://nakedsecurity.sophos.com/2015/03/10/busted-scammer-resorts-to-death-threats/\|url-status=live}}</ref> and [[murder]].<ref name=":2Wired UK-2012" /> [[Canada\|Canadian]] citizen Jakob Dulisse reported to [[Canadian Broadcasting Corporation\|CBC]] in 2019 that, upon asking ~~the~~a scammer who made contact with him as to why he had been targeted, the scammer responded with a [[death threat]]; 'Anglo people who travel to the country' ([[India]]) were '[[Dismemberment\|cut up in little pieces]] and thrown in the river.'<ref name=":3Brodkin-2015" /><ref>{{cite news\|title=Death threat issued in bogus tech support call\|work=BBC News\|date=March 5, 2015\|url=https://www.bbc.co.uk/news/technology-31748589\|access-date=October 24, 2019\|archive-date=October 24, 2019\|archive-url=https://web.archive.org/web/20191024190837/https://www.bbc.co.uk/news/technology-31748589\|url-status=live}}</ref> Scammers have also been known to lock uncooperative victims out of their computer using the [[Syskey\|<code>syskey</code>]] utility (present only in Windows versions previous to [[Windows 10]])<ref>{{Cite web\|last=Whittaker\|first=Zack\|date=February 22, 2017\|title=We talked to Windows tech support scammers. Here's why you shouldn't\|url=https://www.zdnet.com/article/why-you-should-never-talk-to-windows-tech-support-scammers/\|url-status=live\|access-date=December 31, 2021\|website=[[ZDNet]]\|archive-date=December 31, 2021\|archive-url=https://web.archive.org/web/20211231121104/https://www.zdnet.com/article/why-you-should-never-talk-to-windows-tech-support-scammers/}}</ref> or third party applications which they install on the victim's computer,<ref name=":4Bhattacharjee-2021" /><ref>{{Cite web\|last=Osborne\|first=Charlie\|date=February 10, 2020\|title=Lock My PC takes on tech scammers with free recovery key offering, software withdrawal\|url=https://www.zdnet.com/article/lock-my-pc-locks-horns-with-tech-scammers-offers-free-recovery-keys/\|url-status=live\|access-date=January 1, 2022\|website=[[ZDNet]]\|language=en\|archive-date=January 1, 2022\|archive-url=https://web.archive.org/web/20220101164755/https://www.zdnet.com/article/lock-my-pc-locks-horns-with-tech-scammers-offers-free-recovery-keys/}}</ref><ref>{{Cite web\|last=Spadafora\|first=Anthony\|date=February 10, 2020\|title=Lock My PC fights tech support scammers with free recovery keys\|url=https://www.techradar.com/uk/news/lock-my-pc-fights-tech-support-scammers-with-free-recovery-keys\|url-status=live\|access-date=January 1, 2022\|website=[[TechRadar]]\|language=en\|archive-date=January 1, 2022\|archive-url=https://web.archive.org/web/20220101164756/https://www.techradar.com/uk/news/lock-my-pc-fights-tech-support-scammers-with-free-recovery-keys}}</ref> and to delete documents and/or programs essential to the operation of the victim's computer if they do not receive payment.<ref name="wired" /> On Windows 10 and 11, since Microsoft removed the syskey utility, scammers will change the user’s account password. The scammer will open the Control Panel, go into user settings and click on change password, and the scammer will ask the user to type in his password in the old password field. The scammer will then create a password that only he knows and will reboot the computer. The user won’t be able to log into his PC unless he pays the scammer. [[Microsoft]] commissioned a survey by [[YouGov]] across 16 countries in July 2021 to research tech support scams and their impact on consumers. The survey found that approximately 60% of consumers who participated had been exposed to a technical support scam within the last 12 months.<ref name=":5Schrade-2021" /> Victims reported losing an average of 200 [[United States dollar\|USD]] to the scammers and many faced repeated interactions from other scammers once they had been successfully scammed.<ref name=":5Schrade-2021" /> [[NortonLifeLock\|Norton]] named technical support scams as the top phishing threat to consumers in October 2021, having blocked over 12.3 million tech support scam [[URL\|URLs]] between July and September 2021.<ref>{{Cite news\|last=Ramasubramanian\|first=Sowmya\|date=October 27, 2021\|title=Tech support scams have become top phishing threats, report says\|language=en-IN\|work=[[The Hindu]]\|url=https://www.thehindu.com/sci-tech/technology/internet/tech-support-scams-have-become-top-phishing-threats/article37188112.ece\|access-date=January 2, 2022\|issn=0971-751X\|archive-date=November 29, 2021\|archive-url=https://web.archive.org/web/20211129061451/https://www.thehindu.com/sci-tech/technology/internet/tech-support-scams-have-become-top-phishing-threats/article37188112.ece\|url-status=live}}</ref> ==Response== Line 48 ⟶ 47: In September 2011, Microsoft dropped gold partner Comantra from its [[Microsoft Partner Network]] following accusations of involvement in cold-call technical-support scams.<ref>{{Cite news\|last=Arthur\|first=Charles\|date=September 22, 2021\|title=Microsoft drops partner accused of cold-call scam\|work=[[The Guardian]]\|url=https://www.theguardian.com/technology/2011/sep/22/microsoft-drops-partner-accused-scam/\|access-date=January 5, 2022\|archive-date=June 30, 2016\|archive-url=https://web.archive.org/web/20160630062809/https://www.theguardian.com/technology/2011/sep/22/microsoft-drops-partner-accused-scam\|url-status=live}}</ref> However, the ease of which companies that carry out technical support scams can be launched makes it difficult to prevent tech support scams from taking place.<ref>{{Cite news\|last1=Poonam\|first1=Snigdha\|last2=Bansal\|first2=Samarth\|date=May 18, 2017\|title=Scare and sell: Here's how an Indian call centre cheated foreign computer owners\|work=[[The Hindustan Times]]\|url=https://www.hindustantimes.com/india-news/scare-and-sell-how-indian-call-centre-scammers-cheat-foreign-computer-owners/story-cTE5eHZIo3AkjvTJDhokAK.html\|access-date=January 5, 2022\|archive-date=October 1, 2021\|archive-url=https://web.archive.org/web/20211001044329/https://www.hindustantimes.com/india-news/scare-and-sell-how-indian-call-centre-scammers-cheat-foreign-computer-owners/story-cTE5eHZIo3AkjvTJDhokAK.html\|url-status=live}}</ref> Major search engines such as [[Bing (search engine)\|Bing]] and [[Google Search\|Google]] have taken steps to restrict the promotion of fake technical support websites through keyword advertising.<ref name="zdnet-bingadsban">{{cite web\|last=Tung\|first=Liam\|date=May 13, 2016\|title=Microsoft to Bing users: No more shady third-party ads for tech support, password recovery\|url=~~http~~https://www.zdnet.com/article/microsoft-to-bing-users-no-more-shady-third-party-ads-for-tech-support-password-recovery/\|url-status=live\|archive-url=https://web.archive.org/web/20160514112616/http://www.zdnet.com/article/microsoft-to-bing-users-no-more-shady-third-party-ads-for-tech-support-password-recovery/\|archive-date=May 14, 2016\|access-date=May 13, 2016\|website=[[ZDNet]]}}</ref><ref name="ars-bingban">{{cite web\|date=May 13, 2016\|title=Bing bans tech support ads—because they're mostly scams\|url=https://arstechnica.com/information-technology/2016/05/bing-bans-tech-support-adsbecause-theyre-mostly-scams/\|url-status=live\|archive-url=https://web.archive.org/web/20160513183703/http://arstechnica.com/information-technology/2016/05/bing-bans-tech-support-adsbecause-theyre-mostly-scams/\|archive-date=May 13, 2016\|access-date=May 13, 2016\|website=[[Ars Technica]]}}</ref> Microsoft-owned [[advertising network]] [[Bing Ads]] (which services ad sales on Bing and [[Yahoo! Search]] engines)<ref name="ars-april2015deal">{{cite web\|date=April 16, 2015\|title=Microsoft loses exclusivity in shaken up Yahoo search deal\|url=https://arstechnica.com/information-technology/2015/04/microsoft-loses-exclusivity-in-shaken-up-yahoo-search-deal/\|url-status=live\|archive-url=https://web.archive.org/web/20150623204255/http://arstechnica.com/information-technology/2015/04/microsoft-loses-exclusivity-in-shaken-up-yahoo-search-deal/\|archive-date=June 23, 2015\|access-date=June 30, 2015\|website=[[Ars Technica]]}}</ref> amended its terms of service in May 2016 to prohibit the advertising of third-party technical support services or ads claiming to "provide a service that can only be provided by the actual owner of the products or service advertised".<ref name="zdnet-bingadsban" /><ref name="ars-bingban" /> Google announced a verification program in 2018 in an attempt to restrict advertising for third-party tech support to legitimate companies.<ref>{{Cite web\|last=Tung\|first=Liam\|date=September 3, 2018\|title=Google to tech-support scammers: We're about to get even tougher on your ads\|url=https://www.zdnet.com/article/google-to-tech-support-scammers-were-about-to-get-even-tougher-on-your-ads/\|url-status=live\|access-date=January 5, 2022\|website=[[ZDNet]]\|language=en\|archive-date=August 19, 2021\|archive-url=https://web.archive.org/web/20210819035228/https://www.zdnet.com/article/google-to-tech-support-scammers-were-about-to-get-even-tougher-on-your-ads/}}</ref> ===Scam baiting=== {{main\|Scam baiting}} Tech support scammers are regularly targeted by [[scam baiting]],<ref name=":2Wired UK-2012" /> with individuals seeking to raise awareness of these scams by uploading recordings on platforms like [[YouTube]], cause scammers inconvenience by wasting their time and protect potential victims.<ref>{{Cite web\|last1=Whittaker\|first1=Jack\|last2=Button\|first2=Mark\|date=June 21, 2021\|title='Scambaiting': why the vigilantes fighting online fraudsters may do more harm than good\|url=http://theconversation.com/scambaiting-why-the-vigilantes-fighting-online-fraudsters-may-do-more-harm-than-good-163038\|url-status=live\|access-date=January 6, 2022\|website=[[The Conversation (website)\|The Conversation]]\|language=en\|archive-date=October 10, 2021\|archive-url=https://web.archive.org/web/20211010211939/https://theconversation.com/scambaiting-why-the-vigilantes-fighting-online-fraudsters-may-do-more-harm-than-good-163038}}</ref><ref>{{Cite news\|last=Bhattacharjee\|first=Yudhijit\|date=January 27, 2021\|title=Who's Making All Those Scam Calls?\|work=[[The New York Times]]\|url=https://www.nytimes.com/2021/01/27/magazine/scam-call-centers.html\|access-date=January 6, 2022\|archive-date=January 27, 2021\|archive-url=https://web.archive.org/web/20210127100511/https://www.nytimes.com/2021/01/27/magazine/scam-call-centers.html\|url-status=live}}</ref> Advanced scam baiters may infiltrate the scammer's computer, and potentially disable it by deploying [[remote access trojan\|RAT]]s, [[distributed denial of service attack]]s and destructive malware.<ref>{{Cite web\|last=Vaas\|first=Lisa\|date=August 15, 2016\|title=Tech support scammer tricked into installing ransomware\|url=https://nakedsecurity.sophos.com/2016/08/15/tech-support-scammer-tricked-into-installing-ransomware/\|url-status=live\|access-date=January 6, 2022\|website=Naked Security\|publisher=[[Sophos]]\|language=en-US\|archive-date=May 15, 2021\|archive-url=https://web.archive.org/web/20210515051315/https://nakedsecurity.sophos.com/2016/08/15/tech-support-scammer-tricked-into-installing-ransomware/}}</ref> Scam baiters may also attempt to lure scammers into exposing their unethical practices by leaving dummy files or malware disguised as confidential information<ref name="~~:57~~Sherr-2021a">{{Cite web\|last=Sherr\|first=Ian\|date=November 30, 2021\|title=People are fighting back against gift card scammers. Here's how\|url=https://www.cnet.com/news/people-are-fighting-back-against-gift-card-scammers-heres-how/\|url-status=live\|access-date=January 6, 2022\|website=[[CNET]]\|language=en\|archive-date=January 1, 2022\|archive-url=https://web.archive.org/web/20220101170313/https://www.cnet.com/news/people-are-fighting-back-against-gift-card-scammers-heres-how/}}</ref> such as credit/debit card information and passwords on a [[virtual machine]], which the scammer may attempt to steal, only to become infected.<ref name=":2Wired UK-2012" /> Sensitive information important to carrying out further investigations by a [[law enforcement agency]] may be retrieved, and additional information on the rogue firm may then be posted or compiled online to warn potential victims.<ref name="~~:58~~Sherr-2021b">{{Cite web\|last=Sherr\|first=Ian\|date=November 30, 2021\|title=People are fighting back against gift card scammers. Here's how\|url=https://www.cnet.com/news/people-are-fighting-back-against-gift-card-scammers-heres-how/\|url-status=live\|access-date=January 6, 2022\|website=[[CNET]]\|language=en\|archive-date=January 1, 2022\|archive-url=https://web.archive.org/web/20220101170313/https://www.cnet.com/news/people-are-fighting-back-against-gift-card-scammers-heres-how/}}</ref> In March 2020, an anonymous YouTuber under the alias [[Jim Browning (YouTuber)\|Jim Browning]] successfully infiltrated and gathered [[quadcopter\|drone]] and [[CCTV]] footage of a fraudulent call centre scam operation through the help of fellow YouTube personality [[Karl Rock]]. Through the aid of the British documentary programme ''[[Panorama (British TV programme)\|Panorama]]'', a police raid was carried out when the documentary was brought to the attention of assistant police commissioner Karan Goel,<ref name="Dhankhar">{{cite news\|last1=Dhankhar\|first1=Leena\|date=March 4, 2020\|title=Udyog Vihar call centre duped at least 40,000 in 12 countries; 2 arrested\|language=en\|work=[[The Hindustan Times]]\|url=https://www.hindustantimes.com/gurugram/udyog-vihar-call-centre-duped-at-least-40-000-in-12-countries-2-arrested/story-vsGBr7p13IF3whT3OTBVwK.html\|url-status=dead\|access-date=March 5, 2020\|archive-url=https://web.archive.org/web/20200305014851/https://www.hindustantimes.com/gurugram/udyog-vihar-call-centre-duped-at-least-40-000-in-12-countries-2-arrested/story-vsGBr7p13IF3whT3OTBVwK.html\|archive-date=March 5, 2020}}</ref> leading to the arrest of call centre operator Amit Chauhan who also operated a fraudulent [[travel agency]] under the name "Faremart Travels".<ref>{{Cite web\|last=McCarter\|first=Reid\|date=April 3, 2020\|title=Hacker breaks into scammers' CCTV cameras and computer records\|url=https://www.avclub.com/tech-scammers-try-to-rip-off-hacker-get-their-cctv-cam-1842091672\|url-status=live\|access-date=January 7, 2022\|website=[[The A.V. Club]]\|language=en-us\|archive-date=July 29, 2021\|archive-url=https://web.archive.org/web/20210729122701/https://www.avclub.com/tech-scammers-try-to-rip-off-hacker-get-their-cctv-cam-1842091672}}</ref> Line 77 ⟶ 76: ==External links== * [https://support.microsoft.com/en-us/windows/protect-yourself-from-tech-support-scams-2ebf91bd-f94c-2a8a-e541-f5c800d18435 Official Microsoft support page on technical support scams] * [https://web.archive.org/web/20160922143320/https://www.symantec.com/en/in/about/corporate-profile/anti-piracy/tech-support-scams Official Symantec support page on technical support scams] * [http://blog.talosintel.com/2015/11/tech-support-scammers.html Investigation with recordings] by a security research group * [https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss2017_03B-1_Miramirkhani_paper.pdf Dial One for Scam: A Large-Scale Analysis of Technical Support Scams]