Support Scams: we don’t really write all the viruses…

…and nor are we responsible for fake AV/scareware and (more recently) ransomware, though I did suggest in a paper I presented at EICAR a couple of years ago that the bad guys who do peddle that stuff are all too proficient at stealing our clothes, and that maybe some security companies were making it easier for them by using questionable marketing strategies.

That paper is here: Security Software & Rogue Economics: New Technology or New Marketing?

What about those cold-calling support scams I’ve been banging on about for several years? I actually first became aware of them about three years ago when someone from another security company advised me that one of ESET’s distributors seemed to be engaged in unethical marketing processes. They weren’t, of course: the caller was an Indian call centre – totally unconnected with ESET – that was installing an unauthorized copy of ESET software as part of the scam pitch. (There’s more information on that in the paper Hanging on the Telephone.) And one of our competitors ran into a problem when a company in India to whom it outsourced its (perfectly legitimate) support function was accused of using the same scam techniques to extend its customer-base. The security provider in question subsequently terminated its relationship with that company. (See: My PC has 32,539 errors: how telephone support scams really work for a little more detail.)

However, my friend Eddy Willems of GData has revealed that he was recently called by support scammers who, when Eddy told them he worked for a security company, offered him a job – with Symantec! Since Symantec’s Orla Cox is one of the security bloggers who have denounced this scam in the past, I don’t think so… Unfortunately, the scammer evidently got tired of hearing what Eddy thought of him and rang off without saying where he really worked. So while I’ve enjoyed working with Eddy many times in the past (notably on a couple of conference papers: Teach Your Children Well – ICT Security and the Younger Generation – with Judith Harley – and Test Files and Product Evaluation: the Case for and against Malware Simulation – with Lysa Myers), I doubt if he’ll have moved into customer support for Symantec the next time we meet. 🙂 Of course, it’s possible that the scammer may have tried to convince Eddy that Symantec were working the scam out of a desire to get some small measure of revenge for the Orla Cox article, or maybe the miscreant was just hoping to get more information about Eddy and GData for his own nefarious purposes. (Sorry, I couldn’t resist the urge to use a couple of security journalist clichés.)

Eddy’s blog article includes a recording of the whole conversation, if that’s of interest to you. Despite its entertainment value, though, it’s depressing to see that this type of scam is still in operation after all the attempts by the security industry to raise awareness of the problem, and by other agencies to suppress it by legal means. He also gives some good advice to those who are still receiving this type of call, though I’d say personally that a good 80% of them can be avoided using this simple heuristic: if someone rings you at home and out of the blue to tell you that there’s something wrong with your computer, he’s lying.

As well as the Virus Bulletin paper by myself, Martijn Grooten, Steve Burn and Craig Johnston referenced above, the same authors also put together a more forensically-oriented paper for CFET last year – FUD and Blunder: Tracking PC Support Scams – and an article from last month includes some updated information, as does an article by my Canadian colleague Jean-Ian Boutin suggesting a disconcerting trend towards linking this kind of scam with real malware.

Cheesy cartoon by permission of Small Blue-Green World. And actually, I think we catch a pretty good percentage of malware without having to write it ourselves.  😉

David Harley
ESET Senior Research Fellow
