Support Scams On The Rise (2)

The problem with preventing such scams is that social engineering is very lo-tech in nature, requiring little in the way of technical resources and investment. Scammers are relying on the victims naivety, to grant them access to their computer and credit card details, so there’s very little a security company can do to prevent them, apart from keeping its own software up to date so as to block scammer websites and detect the malware they may try to install and use once granted access.

However, David Harley comments that:

Since victims of the scam are either not using up-to-date, legitimate security software or are voluntarily replacing it with compromised versions of other products, this may have little impact on the problem.

Most often it is difficult enough even learning of the various scam calls taking place, as there is no single, centrally-organised reporting system for such occurrences known to victims that may smell something fishy in due course: some call the police, some call AV vendors’ tech support and some just hang up and forget about it. Furthermore, Harley comments that:

While we’re doing our best to warn potential victims of the risk, this fraud is already all too similar to the fake antivirus reports we’ve grown accustomed to over recent years. It would be all too easy to extend the scam to use completely fake software, and not just antivirus software. Threats like this don’t only harm users, but are an assault on the credibility of real security software, system maintenance tools and so on.

A tactic we’re trying out at ESET Ireland is to give the topic public exposure with regular monthly newspaper and magazine columns where we explain and warn computer users of the current cyber-crime activity and ask them to report unusual computer issues to us for further examination. Not only does this provide the public with a regular insight into latest threats and dangers, but it also provides us with valuable feedback from readers, which we can then use in planning improvements in our security solutions. In the case of support scams our message to readers was simple. Unless you know the company you're regularly dealing with, such calls are bogus. Not only are you handing over control of your computer to total strangers who can copy any of your files from it, access your browsing history, or get your stored passwords or banking and credit card details, but you're also handing your credit card numbers to them directly for any kind of possible abuse, and that may go far beyond a single fraudulent payment.

A white paper on support scams by David Harley, Urban Schrott and Jan Zeleznak is currently in preparation and will be available in due course from

Some more resources (including some more links):

Urban Schrott
IT Security & Cybercrime Analyst
ESET Ireland

<< Part 1

Author David Harley, ESET

  • Carolyn B

    I have had one year of great service,but I cannot reach them via phone nor email.  1-888-408-6651 is the number listed and on their website. The site is still up but the phone has a recording stating,the number is not available at this time.  During one session,the company tech did tell me they have had problems with another company stating to be them and something to do with Microsoft also.  I just want my two years of service I have coming and /or an explanation of why I can't reach them.  I do not know where to try and came across your web-site.
    C Bertram
    Eugene, Oregon

    • David Harley

      We have heard of similar claims by sites – including this one – believed to be scammers that someone else is misusing their web site or telephone numbers. See I’m not convinced…

      It’s probable that some (at least) of these companies are to some extent honouring the services they claim to offer, but are also using unethical and even fraudulent cold-calling in order to expand their customer-base. There is, for example, the case of iYogi, which seems to have been providing legitimate customer support for one of our competitors (the company in question no longer uses them), but is also accused of having used cold-calling scam techniques.

Follow us

Copyright © 2017 ESET, All Rights Reserved.