Researchers Find 25,000 Domains Used In Tech Support Scams (onthewire.io)
An anonymous reader writes:
Three doctoral students at Stony Brook University spent eight months analyzing internet scammers who pose as remote tech support workers (usually pretending to be from Microsoft or Apple). Their research revealed more than 25,000 scam domains and thousands of different scam phone numbers. "Although victims of these scams can be anywhere, the researchers found that 85.4% of the IP addresses in these scams were located across different regions of India," reports On The Wire, "with 9.7% located in the United States and 4.9% in Costa Rica. Scammers typically asked users for an average of $291, with prices ranging from $70 to $1,000."
The researchers even called 60 of the con artists to study their technique, and concluded most were working in large, organized call centers. They use remote access tools, and in fact two popular tools were used in 81% of the scams, according to the paper. "We found that, on average, a scammer takes 17 minutes, using multiple social engineering techniques mostly based on misrepresenting OS messages, to convince users of their infections..."
My bet: TeamViewer and LogMeIn.
This is part of why I don't understand why this continues to be a big problem. They're not some fly-by-night, flighty, twitchy boiler room working in a different hotel room every week to try to keep one step ahead of a door kick. These are established, stable, organized, stationary, predictable groups that ought to be easy targets for law enforcement. Seeing as this also coincides with only a few geographical locations (India and Costa Rica), I can only presume local law enforcement is either very lax, is complacent ("hey, it brings money into our local economy, that's good, right?"), or is on the take.
I work for the Department of Redundancy Department.
This is the one thing that would unite Americans, as declaring war on overseas scammers would be incredibly popular. Everybody hates them AND they're foreign, so it's a win-win for you.
Seriously, it's a better use of bombs than a bunch of so-called terrorists and dictators, it'll guarantee re-election.
Way to miss the point.
Only 9.7% were in the USA, versus 85.4% in India. That's a huge difference in risk.
And you're also ignoring the fact that IP addresses associated with the USA host a huge number of globally useful web sites and other online services, while that just isn't true for India.
For most Internet users, blocking Indian IP addresses would be a net gain in security and convenience.
But for most users, blocking USA IP addresses would result in almost no security gain, while losing a lot of convenience.
You're trying to make it sound like IP addresses associated with the USA and those associated with India make equal contributions, both good and bad, to the Internet at large. That is not true at all.
USA IP addresses, as a whole, make a large positive contribution, with very little negative contribution. Indian IP addresses, on the other hand, make a small or nonexistent positive contribution, with a huge negative contribution.
> but alas the list of domains isn't included in the appendix.
Try blocking "*.in" for starters. https://registry.in/
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user