In The Guardian, Snighda Poonam recently explored the competition for jobs in general in India, with massive numbers of applicants chasing relatively small numbers of job opportunities. The article on The scammers gaming India’s overcrowded job market goes some way to explaining why so many find it hard to resist a career in call-centre scamming.
Tech support scamming isn’t the only dubious call-centre activity, of course, though it’s one that we’ve often talked about on this blog. Poonam observes that:
‘For thousands who end up at scam call centres in cities across India, impersonating tax officers, loan agents, Apple executives or cut-rate Viagra manufacturers, the job provides the thrill of cracking the code of American emotions.
It’s notable that some of the scammers quoted in the article are eager to ‘blame the victims’, whether it’s for their presumed arrogance or their gullibility. Perhaps it’s just as well for their own psychological wellbeing that they get some sort of thrill, since some employers and recruiters aren’t necessarily more honest with aspiring call-centre operators than the operators themselves are with their victims. Some agencies are flagrantly charging jobseekers for registering their profiles on web sites in the hope of getting jobs that never turned up, while other jobs promoted as being with major companies turned out to be something quite different.
After all these years, I still get furious at the heartless exploitation that we associate with these scams. But I’ve often wondered how aware some of the scammers are that what they’re doing is scamming as they plough through the script in front of them. Back in the days when I could actually be bothered to engage with cold-call scammers, in some cases it was obvious that they knew little more than their victims, and probably didn’t even have enough knowledge to realize that those scripts were gobbledegook, albeit deliberately deceptive gobbledegook. Other cases indicate much more awareness. My former colleague Craig Johnston *talked to one such cold-caller:
‘The caller was more than happy to answer my questions about the group’s modus operandi and admitted that his job was to cause confusion and fear in the victim, while posing as a trusted advisor, so that he could sell the victim a product.’
In the paper from which that quote has been taken, we also noted that:
‘Others have been more inclined to bluster and threaten, even when (or possibly particularly when) their lack of understanding has been highlighted during interrogation by a less patient recipient of their attentions…we note a number of recent reports where the scammer threatens to deprive the victim of the Windows Update service or even their network connectivity: hopefully, a sign of frustration that the con is getting harder to work.’
But it is, I suppose, a good thing to recall that the scammers to whom victims in the US and Europe are talking may themselves be victims of employers wedded to a corrupt business model. That model is facilitated by an economy characterized by huge disparities between numbers of jobseekers and numbers of available jobs. It’s easier to have scruples about how you earn your living when you’re not one of millions of people chasing just a few thousand jobs. And for every sociopath making megabucks out of not caring what damage is done to others, there are many more people who probably wouldn’t be participating in criminal activities** if their own circumstances were more comfortable.
But that doesn’t mean we shouldn’t protect ourselves and each other from those activities by learning how they operate so as to avoid falling into their traps.
I make no apology for repeating the advice Josep Albors and myself gave in a blog from 2017: Spanish Harmada: More on tech support scams
- Basically, follow your own common sense and distrust unsolicited offers of support: reputable websites don’t and can’t check your system for malware unless you actually ask them to, as in the case of an online scanner such as ESET’s. Pop-up messages directing you to ‘help lines’ are really just a means of avoiding the well-worn and well-documented cold-calling approach and diverting the cost and effort of contacting potential scam victims to the victims themselves.
- If you really have a problem or have doubts about the security of your system, contact the official support numbers that companies make available to their users on their websites. Be aware, though, that support scammers (like other scammers) go to considerable lengths to get their pages noticed by search engines. If you want help from a security company, try to make sure that it’s the real company you’re contacting, not some scammer claiming to offer support for a product with which he has no legitimate affiliation.
- In the end, everything is reduced to a healthy skepticism: don’t take for granted the goodwill and technical competence of people and companies who turn up unexpectedly on your PC or at the end of your phone. Many of the effects of malicious activity that most of us see nowadays are based on social engineering, the art of manipulating the victim through psychology. Mistrusting technobabble, high-pressure salesmanship and scaremongering is a good idea, whatever they’re trying to sell you. And once you realize that the pop-ups and scary messages are not to be trusted, you don’t have to put up with all that fraudulent salesmanship.
- Ultimately, the scammer’s job is to convince you that he knows more about your system than he really does or can, as a preparation for persuading you to allow him remote access to your system. Start off by assuming that he can’t know whether your system is secure and don’t volunteer information that makes it easier for him to sound knowledgeable, check out some of the ways in which he might try to persuade you that you have a security problem, and don’t give anyone remote access unless you’re absolutely certain that they’re legitimately offering services that you’re actually signed up for.
*Quoted in the 2012 paper for a Virus Bulletin conference: My Pc Has 32,539 Errors: How Telephone Support Scams Really Work. The paper was written and presented by myself, Craig, Virus Bulletin’s Martijn Grooten, and Steve Burn (who brought the Guardian article to my attention: thanks, Steve!).
written by David Harley, ESET We Live Security