More than 100 Indian police swarmed 16 tech support scam call centers in Gurgaon and Noida last week, arresting 39 people for allegedly impersonating legitimate support reps for companies including Microsoft, Apple, Google, Dell and HP.
The day after the raids, which were carried out on Tuesday and Wednesday, Microsoft said that it has received over 7,000 victim reports from customers in more than 15 countries who’ve been ripped off by the call centers.
This is the second of two recent, big raids on Indian tech support scammers. In October, after Microsoft filed complaints about customers falling for pop-up messages that lied about their systems being infected with malware, Indian police raided 10 illegal call centers and arrested 24 alleged scammers.
In that second raid, law enforcement seized a wealth of evidence, including the call scripts, live chats, voice call recordings and customer records used to run the scams.
Typosquatting and malvertising
There are a few ways that people can fall prey to these swindlers, who get to people via both phone calls and pop-up windows. Last year, researchers at Stony Brook University rigged up a robot to automatically crawl the web searching for tech support scammers and to figure out where they lurk, how they monetize the scam, what software tools they use to pull it off, and what social engineering ploys they use to weasel money out of victims.
They found that users often get exposed to these scams via malvertising that’s found on domain squatting pages: the pages that take advantage of typos we make when typing popular domain names. For example, a scammer company will register a typosquatting domain such as twwitter.com.
Studies have shown that visitors who stumble into the typosquatting pages often get redirected to pages laced with malware, while a certain percentage get shuffled over to tech support scam pages.
Once there, a visitor is bombarded with messages saying their operating system is infected with malware. Typically, the site is festooned with logos and trademarks from well-known software and security companies or user interfaces.
A popular gambit has been to present users with a page that mimics the Windows blue screen of death.
The frequency of fake blue screens of death has over the years turned “Microsoft” into a red-alert word. According to Microsoft’s recently released global survey, three out of five Windows users had encountered a tech support scam in the previous year. That reflects a five-point drop since 2016, which is good, but it’s not great, Microsoft said: the scams are still going strong, targeting all ages and all geographies.
As the list of impersonated companies from the recent raid shows, you’re not immune if you don’t use Windows: scammers have branched out so they can prey on a broader audience, pretending to be aligned with Apple or other big-name tech companies.
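Lookalike domains of the kind described above (twwitter.com for twitter.com) can be flagged in DNS or proxy logs by measuring how far each observed name is from a brand you care about. The sketch below is an added example, not code from the Stony Brook study or from Microsoft; it generalizes beyond the doubled-letter case to missing, swapped and substituted characters, and the brand list, function names and sample hostnames are all assumptions constructed for illustration.

```python
# Added example: brand list and hostnames below are constructed for illustration.
BRANDS = ["twitter.com", "microsoft.com", "apple.com"]

def osa_distance(a, b):
    """Edit distance where an insert, delete, substitution or swap of two
    adjacent characters each costs 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def registrable(host):
    # Simplification: keep the last two labels. Production code should use
    # the Public Suffix List so that names under e.g. co.uk are handled.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host, brands=BRANDS):
    """Return (brand, kind) when host is one edit away from a brand, else None."""
    domain = registrable(host)
    if domain in brands:
        return None                      # the genuine site or a subdomain of it
    name, _, tld = domain.partition(".")
    for brand in brands:
        bname, _, btld = brand.partition(".")
        if tld != btld or osa_distance(name, bname) != 1:
            continue
        if len(name) > len(bname):
            kind = "added-character"     # e.g. twwitter
        elif len(name) < len(bname):
            kind = "missing-character"
        elif sorted(name) == sorted(bname):
            kind = "transposition"
        else:
            kind = "substitution"
        return brand, kind
    return None

def scan(hosts):
    """Map each suspicious hostname to the brand it imitates and the typo kind."""
    return {h: hit for h in hosts if (hit := classify(h))}

SAMPLE_HOSTS = ["twitter.com", "www.twwitter.com", "twiter.com", "twtiter.com",
                "micros0ft.com", "api.twitter.com", "example.org"]
```

A distance of one will also match unrelated real words for short brand names, so treat hits as leads for review rather than as a blocklist.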
Like a fly in a web
Beyond spooking visitors with their bogus alerts, tech support pages will wrap them up in intrusive JavaScript so they can’t navigate away. For example, they’ll constantly show alert boxes that ask the intended prey to call the tech support number. Other techniques include messing with a user’s attempt to close the browser tab or navigate away from the site by hooking into the onunload event.
Feeling stuck like a fly in a web, a naive user will call what’s often a toll-free number for “help” with the “malware infection”. The person on the other end of the line will instruct the caller to download remote desktop software so that the remote “technician” can connect to their machine. That gives the crook complete control over the victim’s computer. At that point, perfectly innocent system messages will be interpreted as dire indications of infection.
Microsoft has found that its victimized customers typically get charged between $150 and $499 for the unnecessary tech support they supposedly need to get unstuck from the fictitious web. To add insult to injury, besides being gouged for fake tech support, once the victims have opened up their systems to remote access, they’re left vulnerable to malware or other types of attacks.
Microsoft has been fighting these scams since 2014, when it dragged multiple US companies into court. That’s also when it began to collect customer complaints about the scams via its Report a technical support scam portal.
What to do
Microsoft passed on these key ways to save yourself from getting scammed and having to use that portal:
- Be wary of any unsolicited phone call or pop-up message on your device.
- Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication it has with you must be initiated by you.
- Don’t call the phone number in a pop-up window on your device, and be cautious about clicking on notifications asking you to scan your computer or download software. Many scammers try to fool you into thinking their notifications are legitimate.
- Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- If skeptical, take the person’s information down and immediately report it to your local authorities.