Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Fake tech support calls - revisited InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Fake tech support calls - revisited

Published: 2012-12-06
Last Updated: 2012-12-06 12:20:44 UTC
by Daniel Wesemann (Version: 1)
2 comment(s)


Back when this scam started to become "popular", the caller usually claimed to be from Microsoft or any other large well known techie company, and tried to talk the person answering into running some commands or programs on the PC "in order to fix a critical problem".  But the latest twist of this scam seems to get more targeted: We have had two reports of fake tech support calls where the caller claimed to be representing the firm to which the called company had in fact outsourced its IT Support.

This isn't really rocket science on the attackers' part - some basic internet searches will give them lots of press releases and marketing blah where service providers tout their success in winning over a big support contract for company XYZ.  I tried a search on my own based on one of the samples, and even found job postings where the service provider was explicitly looking for techies to work on the XYZ account. Next, I went on a LinkedIn search to find techies working for the service provider, and filtered to discover if any were connected to anyone at company XYZ.  Not surprisingly, there were quite a few. Stuff like this is a gold mine for phishers, social engineering, and fake tech support scammers. 

There is little point though in trying to keep the Internet free from such information. Company XYZ might have been able to control what the marketing people of the service provider write about their "reference customer", but they can't really control who is connected to whom on social networks.

In terms of countermeasures, as a service provider, make sure you have an established way how your staff identifies itself to your customer. As a company with outsourced services, make sure there is a well defined conduit how the service provider interacts with your employees, that your employees are aware of this, and that there is a defined mechanism (known call back number, etc) in place to verify a call if your employees have any doubt.

Please report fake tech support calls on https://isc.sans.edu/reportfakecall.html

 

2 comment(s)
Diary Archives