Fake Support Calls Reported

Published: 2012-10-03
Last Updated: 2012-10-03 16:50:24 UTC
by Kevin Shortt (Version: 1)
7 comment(s)

Our Cyber Security Awareness Diary on Standards will be up in a little bit. I wanted to share a reminder that phone phishing scams are still alive and well. Reader Joe D. shared an event that ended well, but it gave him, and now us, further awareness that fake IT support calls meant to phish your information are still out there. The human is still our weakest link in the chain.

The incident as told was an unsolicited call by a man with an accent claiming to be from Microsoft. The caller attempts to bait the victim by stating "We are seeing errors being generated from your computer."

We need everyone to stay vigilant and be suspicious of any unsolicited calls about your computer. If you or someone you know has experienced an incident such as this, then please encourage them to submit it to the Internet Storm Center. [1] An account is not needed to submit the form.

[1]  https://isc.sans.edu/reportfakecall.html


ISC Handler on Duty

7 comment(s)


I had somebody ask me about the credibility of Ammyy admin this week, as it's used in a ton of these Microsoft phone scams for the social engineer to access their victim's computer while 'providing support'. Although the program has nearly obtained a reputation as malware, it is actually a misused remote access server. I think it's important to consider that in these scams, and those in which a 'fee' is paid, there might actually be no malware at all installed - thus nothing for AV software or IDS to detect, no matter how advanced. It's also another reason to take a careful look at which remote access and support programs or tools are permitted on systems, and policy for who can use and install them.
FTC halts massive Tech Support Scams
- http://ftc.gov/opa/2012/10/pecon.shtm
10/03/2012 - "The Federal Trade Commission has launched a major international crackdown on tech support scams in which telemarketers masquerade as major computer companies, con consumers into believing that their computers are riddled with viruses, spyware and other malware, and then charge hundreds of dollars to remotely access and “fix” the consumers’ computers. At the request of the FTC, a U.S. District Court Judge has ordered a halt to six alleged tech support scams pending further hearings, and has frozen their assets..."
I had a similar call a couple of months ago, and perhaps it was the start of the scam. It was fishy from the start, and I told the caller I had Linux OS, which turned the caller down.
I have had 4 of these calls, one 2 years ago, and 3 in the last 2 months. They never get past telling me what the errors truly mean without me challenging their "knowledge and expertise". Still only have had one hang up on me.
I've had a few of these calls to my home phone. I think one told me their name was Susan (or something like that), but I was pretty sure it was a man. I got one of them agitated to the point he told me they were in Bhutan and we couldn't do anything about them. Usually just asking for a badge number and call back number is enough to scare them off.
I work in the abuse department for a large ISP in the US, and we've been getting 10-20 customers each day reporting these scams. Most that call in don't do so until after they've allowed access to their computers, but before paying. These calls started picking up it seems around three months ago or so.

Customers I've talked with report callers claiming to be "Microsoft Support", "Google Support", "Firefox Support", and the biggest of course "On Behalf of [ISP]".

Most that I've heard identify themselves as working for "iTok", I'm guessing http://www.itok.net/

Some customers I talk to I refer to the FTC and to the ISC's report page, but unfortunately many that fall victim to this have trouble finding their address bar.
OT, but someone called me offering to lower the interest rate on my 'account'.
When they refused to tell me which bank and account, I hung up, but I'm sure it was going to lead to them asking for my account #s and SPI.
