Slashdot Mirror


Researchers Find 25,000 Domains Used In Tech Support Scams (onthewire.io)

An anonymous reader writes: Three doctoral students at Stony Brook University spent eight months analyzing internet scammers who pose as remote tech support workers (usually pretending to be from Microsoft or Apple). Their research revealed more than 25,000 scam domains and thousands of different scam phone numbers. "Although victims of these scams can be anywhere, the researchers found that 85.4% of the IP addresses in these scams were located across different regions of India," reports On The Wire, "with 9.7% located in the United States and 4.9% in Costa Rica. Scammers typically asked users for an average of $291, with prices ranging from $70 to $1,000."

The researchers even called 60 of the con artists to study their technique, and concluded most were working in large, organized call centers. They use remote access tools, and in fact two popular tools were used in 81% of the scams, according to the paper. "We found that, on average, a scammer takes 17 minutes, using multiple social engineering techniques mostly based on misrepresenting OS messages, to convince users of their infections..."

4 of 85 comments

  1. ''Difficult to track'' by Alain Williams · · Score: 4, Interesting

    when they give a phone number for the mark to call? With all the resources that the NSA, GCHQ, FBI, ... have, finding where that number goes to is going to be well within their abilities. That they are not finding and nailing these crooks demonstrates that they are not interested in protecting the public. It is not as if the cost to the public is small: the BBC claims £10.9bn a year (just in the UK). So: one has to ask what are those clowns doing with all the money that they soak up? Whose interests are they protecting? It does not seem to be you or me!

    1. Re:''Difficult to track'' by Solandri · · Score: 2, Interesting

      I have a couple virtual phone numbers from when I used to work in Canada (a Canadian number and a Washington number). Both are hosted by Anveo for a couple bucks a month. Actually, based on the volume of calls (near zero) I could probably drop it to the $0.50/mo per-minute plan and save a few bucks.

      Both forward to my cell phone. But I can also set them up to work with a SIP device (a VoIP phone). In that configuration, I can take the VoIP phone anywhere in the world and use those numbers as long as I have an Internet connection. To remain legal, I have to give an address for the Washington number for 911 purposes. But it's just a field I can fill in with anything, and there is no similar requirement for the Canadian number even though I can use it to easily make calls to the U.S.

      All the standard obfuscation methods like VPNs, multiple proxies, and anonymizing services work (provided you can get enough bandwidth with consistent latency).

  2. Look To The Telcos... by ytene · · Score: 4, Interesting

    Up until March or April last year, I was taking 3-5 scam calls per week, to an un-listed UK land line number.

    Most of the time I just did my best to keep the caller busy for as long as possible, purely to stop them spending time on the next victim. However, one day, as part of my challenging the caller to "prove their identity", the person I was speaking to actually managed to disclose my personal account number that I have with my UK telco/ISP. This number is printed on invoices but otherwise not used; it has no relation to my phone number, email address, or anything else.

    The only way the caller could have known that detail - and correctly identified me from it - was if they were either an employee of my telco, or had stolen data from them.

    I did some more digging, let the caller go, then got in touch with the anti-fraud team for my telco. Obviously telephone fraud is a big deal, with lots of un-paid bills and some large sums of money involved. So: this is a serious team with skilled people, people who can take scams seriously. I eventually got put through to an investigator and managed to convince them that they had either a leak from, or crooks operating out of, one of their India call centres.

    I have not had a fraudulent call since then.

    Let's just repeat the salient bit of that: an average of 4 fraudulent calls per week; one call to my telco anti-fraud team; no more calls for almost exactly one year.

    I could not in truth write that my telco had a criminal gang operating out of one of their India call centres; but the evidence from my side suggests that is a likely explanation. The use of fraudulent email domains is only part of the problem, however, because without the calls we would not be prompted to visit them. [ OK, spam notwithstanding].

    You would think that ISPs would be a bit more vigilant when it comes to signing up new customers; you would also expect that telcos with India-based call centres were more careful in watching their employees... Sadly, both of these activities would eat into profits. The truth is that the big telcos don't care if we are impacted by fraud, as long as they are not directly losing out in the process.

    Until that changes, the calls will continue.

    1. Re:Look To The Telcos... by Anonymous Coward · · Score: 2, Interesting

      Posting anonymously because I have modded: A similar story, with names.

      We moved from Virgin Media to BT (about half the cost for the same facilities) about two years ago. Before then, not a single scam caller, although we did get a few telemarketers.

      Almost immediately after the move, we started getting these scam calls from what was apparently an Indian call centre. I reckon there has to be somebody in the BT call centre who was passing new numbers to the scam shop. Since I run a total Linux installation I knew that they had to be a scam.

      These calls continued maybe once or twice a week for nearly eighteen months, despite the fact that I told them repeatedly that they were not going to get anywhere and I knew they were a scam. Calls to BT to report them had little effect. Recently they seem to have got the message and either put my number on a do-not-bother list or (very unlikely) the call centre has been shut down.