How to get Tech Support Scammers to Install Malware
Ashley Allen / 3 years ago
The old tech support scam – criminals posing as technical support staff in order to con computer users into surrendering access to their computers or paying to unlock ransomware – is, like its ancestor, the Nigerian 419 fraud, one of the more unfortunate side effects of the modern internet.
While most eTeknix readers are unlikely to fall for such a rudimentary con, many more inexperienced computer users fall prey the scammers, who often pose as Microsoft employees. Thankfully, there are some out there who like to give these swindlers a taste of their own medicine. When French blogger Ivan discovered that his parents were panicking over a fake HTML page, made by such fraudsters, claiming that their computer had been infected by “Zeus”, he decided to contact the phone number on the page and have a little fun with them.
“I fire up an old Windows XP VM, and get in touch with the “tech support”,” Ivan writes. After getting through to a supposed tech support agent (a Microsoft premium partner, whatever that means) named Dileep, Ivan plays dumb; he goes along with Dileep’s assessment that his computer is infected and agrees to purchase “Tech Protection” for €299.99.
Feigning poor eyesight, Ivan offers to send Dileep a photo of his credit card for payment. Rather than send a real photo through the remote assistance client, though, Ivan has other ideas: “I open my “junk” e-mail folder where I find many samples of the latest Locky campaign – those .zip files containing a JS script which downloads ransomware. I grab one at random, drag it into the VM. The remote-assistance client I installed has a feature allowing me to send files to the operator.”
When the “tech support” agent opened the file, Ivan tried “[his] best not to burst out laughing.”
“In conclusion,” Ivan writes, “whenever one stumbles on an obvious scam, the civic thing to do is to act like you buy it. Rationale: scammers don’t have the time to separate legitimate mugus from the ones who just pretend. Their business model relies on the fact that only gullible people will reply. Now were they spammed back, their workload would increase so much that scamming wouldn’t be a profitable activity anymore.” A social policy that we can all surely condone.
Image courtesy of West Chester Technology Blog.