Tech support scams function like organized businesses and consist of various criminals fulfilling different roles, according to court documents obtained by ZDNet. The documents contain the affidavit of an FBI special agent who describes a case involving an informant who worked for a tech support scam group based out of India.
“The Informant described himself and [Redacted] as brokers engaged in tech support fraud,” the documents state. “He explained that they bought telephone call traffic, specifically calls placed by people who, based on advertising that they had seen on their computers, believed that their computers had been or were being attacked by malware. The Informant explained that such advertising was not based on any information indicating that the callers’ computers had malware problems and also explained that the advertising was often targeted toward those likely to lack computer or software expertise.”
The informant explained that other participants in the scam, known as “publishers,” would plant the fear-inducing ads across the Internet.
“The Informant described the role of ‘publishers’ in the tech support fraud,” the documents say. “He explained that publishers created various forms of online advertising, including pop-up ads, designed to mislead viewers into believing that malicious software or malware was attacking their computers. For example, the Informant suggested that a publisher could place ads on Facebook offering travel agent services for retirees interested in cruise vacations. A viewer who clicked on the ads would be directed to a page that would state that the viewer's computer had been infected by a virus or was being attacked by malware and advise the viewer to call a particular telephone number.”
The agent then describes how scammers working at fraudulent call centers use social engineering to trick callers into paying for phony tech support.
“The Informant explained that brokers could purchase from a publisher the calls generated by such advertising,” the documents continue. “Using call routing technologies, the publisher would route incoming calls to the broker. The broker in turn could sell the calls by re-routing them directly to call centers or to other brokers who ultimately had the calls routed to call centers. The Informant explained that call centers, specifically those involved in telemarketing fraud, were facilities designed to accept incoming calls and extract money from the callers. Typically, call centers were comprised of multiple operators, each of whom would be familiar with the sort of advertising that had been seen by the callers. The operators would accept the calls generated by the publishers’ advertising and seek to extract money from the callers by purporting to provide computer protection services.”
New-school security awareness training can enable your employees to see through these types of scams, even if they lack the technical skills to understand exactly what’s happening behind the scenes.
ZDNet has the story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
