Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Fake tech support calls - revisited - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Fake tech support calls - revisited


Back when this scam started to become "popular", the caller usually claimed to be from Microsoft or any other large well known techie company, and tried to talk the person answering into running some commands or programs on the PC "in order to fix a critical problem".  But the latest twist of this scam seems to get more targeted: We have had two reports of fake tech support calls where the caller claimed to be representing the firm to which the called company had in fact outsourced its IT Support.

This isn't really rocket science on the attackers' part - some basic internet searches will give them lots of press releases and marketing blah where service providers tout their success in winning over a big support contract for company XYZ.  I tried a search on my own based on one of the samples, and even found job postings where the service provider was explicitly looking for techies to work on the XYZ account. Next, I went on a LinkedIn search to find techies working for the service provider, and filtered to discover if any were connected to anyone at company XYZ.  Not surprisingly, there were quite a few. Stuff like this is a gold mine for phishers, social engineering, and fake tech support scammers. 

There is little point though in trying to keep the Internet free from such information. Company XYZ might have been able to control what the marketing people of the service provider write about their "reference customer", but they can't really control who is connected to whom on social networks.

In terms of countermeasures, as a service provider, make sure you have an established way how your staff identifies itself to your customer. As a company with outsourced services, make sure there is a well defined conduit how the service provider interacts with your employees, that your employees are aware of this, and that there is a defined mechanism (known call back number, etc) in place to verify a call if your employees have any doubt.

Please report fake tech support calls on https://isc.sans.edu/reportfakecall.html

 

Daniel

367 Posts
ISC Handler
I had quite an interesting occurrence of that a few years ago, where some scammer claimed to be an external technician, which happened to be sitting next to me right then.
Visi

41 Posts
Funny that this article came up (again)... I just had a good friend contact me lastnight as he had received a call from someone claiming to be from "Microsoft Support" and that his computer was sending weird/strange data to them. He allowed them remote access when asked, but he couldn't remember exactly what they did once they were in there. They then requested his personal info and Credit Card number for their services rendered but he declined (Thank God!). I ended up doing a Teamviewer session to his PC to do a malware scan, etc. He dodged a bullet, however, this proves that this scam is still making the rounds.
Michael

2 Posts

Sign Up for Free or Log In to start participating in the conversation!