Support Scams: Cold Calls, Cold Hearts

Here's a diagnostic window that your shouldn't panic over, certainly if some cold-calling scammer directs you to it by persuading you to run a diagnostic on your own system.

But I'm getting ahead of myself.

You might think I've blogged more than enough about support scams already – you know, where someone calls you out of the blue to "help you" with a malware problem you didn't know you had, or to check your system for problems – but the issue seems to have come to life in the media again. Not that it's ever gone away as far as the victims are concerned. The current interest derives from a survey by Microsoft into this "emerging" threat. Well, if you've been following these blogs, you'll know that this threat has been emerging for well over a year now, but the survey came up with some interesting if disquieting figures. Out of 7,000 respondents in the US, Canada, Ireland and the UK:

• 15% had received "a call": actually, in my experience, once they have your number, you'll get a lot of calls, though they finally seem to have given up on me.
• 3% of the sample (22% of those who received a call) fell for it.
• 79% of those who fell for it sustained direct financial loss (on average, $875), and 53% lost even more money fixing problems caused by the scammers (up to $4,800).

There's some good advice in the Microsoft press release, but the assumption is that if someone calls you out of the blue to tell you that you have a computer problem, it's going to be a scam. Well, that's probably true in the countries mentioned, but it's actually more complicated than that. As we explained here, there are circumstances in which you might be cold-called legitimately in certain countries and in certain circumstances: our friends at Sophos have addressed some of those scenarios with some excellent advice here. In this white paper, we've tried to address some of the legal issues as well as providing a comprehensive picture of how the scams tend to work (they do change over time, though, and I put that paper together last year: it might be due for a revisit).

Two points the MS press release didn't mention:

• Most (though not all) of these scams rely on persuading you to run Event Viewer, which is pretty useless as a diagnostic tool unless you already know enough about Windows internals not to fall for the scam. It flags a whole bunch of transient errors that may frighten a technically-challenged victim, but don't actually signify a real problem at all, so if someone tries to get you to run a program called EVENTVWR, that's a pretty good scam heuristic in itself.
• While the survey didn't include Australia, that's also a very commonly targeted population: CNET is incorrect in saying that only the countries surveyed are seeing the problem at the moment. It's true, of course, that other countries with a large English-speaking population could be targeted, and that the scammers might start targeting speakers of other languages.

John Oates also flagged this survey in The Register.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow