Crime

Researchers Find 25,000 Domains Used In Tech Support Scams (onthewire.io) 85

An anonymous reader writes: Three doctoral students at Stony Brook University spent eight months analyzing internet scammers who pose as remote tech support workers (usually pretending to be from Microsoft or Apple). Their research revealed more than 25,000 scam domains and thousands of different scam phone numbers. "Although victims of these scams can be anywhere, the researchers found that 85.4% of the IP addresses in these scams were located across different regions of India," reports On The Wire, "with 9.7% located in the United States and 4.9% in Costa Rica. Scammers typically asked users for an average of $291, with prices ranging from $70 to $1,000."

The researchers even called 60 of the con artists to study their technique, and concluded most were working in large, organized call centers. They use remote access tools, and in fact two popular tools were used in 81% of the scams, according to the paper. "We found that, on average, a scammer takes 17 minutes, using multiple social engineering techniques mostly based on misrepresenting OS messages, to convince users of their infections..."

This discussion has been archived. No new comments can be posted.

  • chief enablers (Score:5, Insightful)

    by v1 ( 525388 ) on Sunday April 16, 2017 @12:08PM (#54245139) Homepage Journal

    > two popular tools were used in 81% of the scams

    My bet: TeamViewer and LogMeIn.

    > most were working in large, organized call centers.

    This is part of why I don't understand why this continues to be a big problem. They're not some fly-by-night flighty twitchy boiler room working in a different hotel room every week to try to keep one step ahead of a door kick. These are established, stable, organized, stationary, predictable groups that ought to be easy targets for law enforcement. Seeing as this also coincides with only a few geographical locations (India and Costa Rica) I can only presume local law enforcement is either very lax, is complacent ("hey it brings money into our local economy, that's good right?"), or is on the take.

    • by DoraLives ( 622001 ) on Sunday April 16, 2017 @12:25PM (#54245237)
      > I can only presume local law enforcement is either very lax, is complacent ("hey it brings money into our local economy, that's good right?"), or is on the take.

      "So, this is quite the operation you have here, isn't it?"

      "Yes. Yes it is. Here, here's a little something for your wife. And your children. You are a good man and your family deserves to be well taken care of."

      "Thank you. And by the way, you wouldn't be using your operation to be contacting any of the citizens of our fine country, would you?"

      "No. Certainly not. Not at all."

      "Very well then, carry on."
    • so it's already a pain to go over jurisdiction lines. I'm guessing the successful scammers have the good sense to only defraud foreigners and not locals. Different culture too. From what I've heard India has a lot of local corruption (e.g. you can buy the cops off) too. America and most of Europe don't really have that. We mercilessly punish low level corruption and just leave the high level stuff (our politicians) alone.
    • Since the article that reports this has followed the standard media practice of never, ever linking to the paper whose results you're mangling, here's a link to the original [documentcloud.org]. You're pretty close, the top tool is LogMeIn, followed by Citrix, followed by TeamViewer. Looks like we need to get those banned under the CFAA as hacker tools.
      • the paper whose results you're mangling

        Ooops, that was meant to be saying that the media mangles scientific research results, not the OP.

    • by guruevi ( 827432 )

      Whose law enforcement? It's not like the FBI can go down to India and round up a factory-sized building with workers. India just doesn't care whether or not it is unethical, as long as they aren't doing anything illegal within India (or keep paying their taxes and bribes) they're not going to stop them.

      To the Indians, people are giving them money for a service they sold on the phone. Even US courts in front of a tech-illiterate judge may not find much fault with their methodology other than that it's not en

      • by v1 ( 525388 )

        To the Indians, people are giving them money for a service they sold on the phone. Even US courts in front of a tech-illiterate judge may not find much fault with their methodology other than that it's not entirely ethical, but to the law it simply doesn't matter whether you bought a car or a computer program that wasn't necessary, you made the decision to buy it because they demonstrated to you that you needed it.

        The legal issue here is "fraud". They are calling and lying to the mark and telling them they

  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Sunday April 16, 2017 @12:50PM (#54245359) Homepage

    when they give a 'phone number for the mark to call ??? With all the resources that the NSA, GCHQ, FBI, ... have, finding where that number goes to is going to be well within their abilities. That they are not finding and nailing these crooks demonstrates that they are not interested in protecting the public. It is not as if the cost to the public is small, the BBC claims £10.9bn a year (just in the UK) [bbc.co.uk]. So: one has to ask what are those clowns doing with all the money that they soak up? Whose interests are they protecting? It does not seem to be you or me!

    • by gtall ( 79522 )

      No, more like they are up to their ears in all the other things governments require of them that they do not have the resources or the time. Also, many of the scams span countries. Try going to India and claim some of their citizens are scamming Americans. (1) why should they give a flying rat's ass, (2) it means assigning resources to an investigation, (3) it involves bringing prosecution. What's in it for India?

      It's almost like you have no touch with reality.

    • Re: (Score:3, Interesting)

      by Solandri ( 704621 )
      I have a couple virtual phone numbers from when I used to work in Canada (a Canadian number and a Washington number). Both are hosted by Anveo for a couple bucks a month. Actually, based on the volume of calls (near zero) I could probably drop it to the $0.50/mo per-minute plan and save a few bucks.

      Both forward to my cell phone. But I can also set them up to work with a SIP device (a VoIP phone). In that configuration, I can take the VoIP phone anywhere in the world and use those numbers as long as I
  • by CustomSolvers2 ( 4118921 ) on Sunday April 16, 2017 @12:53PM (#54245369) Homepage
    First thing coming to my mind was how can tech support for big companies be scammed? If my OS gets broken and I chose (not too likely to happen) to call their support, how are they intercepting my call? After skimming through the article, I understood what the terrible problem was: these pop-ups telling you that there is a virus on your computer! There are people actually believing the popup, reading the nonsense on it, calling to the given number and paying what people there tell them to pay!!

    This seems a pretty crappy approach which is likely to be performed just by a few "companies", that's why the fact that most of the scammers are in the same country makes a lot of sense. Also why analyse the software used by the scammer to trick the victim? How can this be relevant here? Logically, if you want to access a computer in a different location you have to rely on certain software, exactly the same as using the phone to talk to someone.

    Are people seriously so stupid as to believe everything that pops up in front of them? To even pay up to $1000 because basically a pop-up in a random (and most probably crappy and/or illegal) site told them to do so? How could these people not deserve to lose their money? How could anyone waste their time on analysing such a sad nonsense other than from the there-are-lots-of-stupids perspective?
    • by nfotxn ( 519715 )
      Lots of the people they're contacting are senior citizens, disabled and, yes, often times not too bright. It's kind of a sad confluence of a few things including a lot of old Windows XP computers and the people who still use them. But it's still pretty criminal and the victims are people who don't know any better until it's too late.
  • by Anonymous Coward

    This is the one thing that would unite Americans, as declaring war on overseas scammers would be incredibly popular. Everybody hates them AND they're foreign, so it's a win-win for you.

    Seriously, it's a better use of bombs than a bunch of so-called terrorists and dictators, it'll guarantee re-election.

  • Why the actual hell haven't the major news outlets paraded around this malady like it's ebola? It scares people, it's relevant to everyone, and it has "send this story to everyone on Facebook" written all over it. It's the perfect storm and they can even take the angle of blaming the telecom companies for not doing enough to block the calls. Then you get outrage culture going. If this story were run for a few days, EVERYONE in America would hear about it and not fall for it and the scam would fail. Everyon
  • The State Department should lodge a formal complaint at the Indian embassy to call for action. The government in India should take steps to rid the Internet of these criminals.
  • by ytene ( 4376651 ) on Sunday April 16, 2017 @05:19PM (#54246227)
    Up until March or April last year, I was taking 3-5 scam calls per week, to an un-listed UK land line number.

    Most of the time I just did my best to keep the caller busy for as long as possible, purely to stop them spending time on the next victim. However, one day, as part of my challenging the caller to "prove their identity", the person I was speaking to actually managed to disclose my personal account number that I have with my UK telco/ISP. This number is printed on invoices but otherwise not used; it has no relation to my phone number, email address, or anything else.

    The only way the caller could have known that detail - and correctly identified me from it - was if they were either an employee of my telco, or had stolen data from them.

    I did some more digging, let the caller go, then got in touch with the anti-fraud team for my telco. Obviously telephone fraud is a big deal, with lots of un-paid bills and some large sums of money involved. So: this is a serious team with skilled people, people who can take scams seriously. I eventually got put through to an investigator and managed to convince them that they had either a leak from, or crooks operating out of, one of their India call centres.

    I have not had a fraudulent call since then.

    Let's just repeat the salient bit of that: an average of 4 fraudulent calls per week; one call to my telco anti-fraud team; no more calls for almost exactly one year.

    I could not in truth write that my telco had a criminal gang operating out of one of their India call centres; but the evidence from my side suggests that is a likely explanation. The use of fraudulent email domains is only part of the problem, however, because without the calls we would not be prompted to visit them. [ OK, spam notwithstanding].

    You would think that ISPs would be a bit more vigilant when it comes to signing up new customers; you would also expect that telcos with India-based call centres were more careful in watching their employees... Sadly, both of these activities would eat into profits. The truth is that the big telcos don't care if we are impacted by fraud, as long as they are not directly losing out in the process.

    Until that changes, the calls will continue.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Posting anonymously because I have modded: A similar story, with names.

      We moved from Virgin Media to BT (about half the cost for the same facilities) about two years ago. Before then, not a single scam caller, although we did get a few telemarketers.

      Almost immediately after the move, we started getting these scam calls from what was apparently an Indian call centre. I reckon there has to be somebody in the BT call centre who was passing new numbers to the scam shop. Since I run a total Linux installation I
