This week, UK IT worker and social engineering blogger Dale Pearson was targeted – with eight phone calls from a company claiming there was a fault on his PC – but Pearson had both the time and the equipment to fight back.
The fake “tech support” call is one of the most enduring cyber-scams out there – a phone call purportedly from a Windows engineer or an independent expert, offering help with a problem they detected on your machine. The scam, however, ends with the “engineer” defrauding victims of money.
This week, UK IT worker and social engineering blogger Dale Pearson was targeted – with eight phone calls from a company claiming there was a fault on his PC, and offering to fix it.
Residents in the area had recently been targeted, with scammers demanding £200 ($330) to fix a non-existent problem on their PC. Pearson, though, had the tools, and time, to fight back, using a virtual machine, and a fake IP address, to watch what the scammers did as they “worked”, according to local paper the Evesham Journal.
Despite crackdowns on the firms which perpetrate this fraud, it remains common – and ESET Senior Research Fellow David Harley has chronicled many variations of the scam on We Live Security. He also offers a useful guide to spotting such scams here.
Pearson says, “ I had heard of people getting done by these sort of scams, but I had never had the privilege myself. So I thought I would keep them on the phone for a while to run up abit of a bill for them, and at the same time get my VPN and Virtual Machine up and running to see exactly how these guys operate.”
“There were three of them,” Pearson told Yahoo News. “The first guy, I call the Convincer. He tries to hook you in, make you believe there’s a problem. The second guy who came on the line, I could hear he was more experienced at ‘social engineering’ – convincing you it was all legit. Then there’s a third guy you never see, the hacker who goes into your PC. Most people think they’re just after your credit card details – but there’s three parts to the scam. When they ‘fix’ the problem, they get full access to the machine – and that stays there, for them to use later.”
“They actually asked me, during the call, whether I did online banking, whether I shopped online,” he said. “Even if I had not handed over my card number, they could have installed a keylogger.”
Pearson’s video – complete with audio – is shown off on his blog, Subliminal Hacking. It offers a unique insight into one variation of an attack that has remained an enduring threat to computer users.
Pearson played along with the scam for half an hour, asking for repeated callbacks – and posting the numbers on his blog, and in his local newspaper, while using a VPN and Virtual Machine to watch, safely, what they did. First, the “technician” said Pearson should visit their site (titled PC Wizards), and then said that he should run software to allow remote access.
“So one guy is doing the quick talking, whilst the other is uploaded backdoors to my VM, opening command windows and listing directory structures and then tell me my “Software Warranty Has Expired” and this is the reason I have all these errors and my computer runs slow.”
“I am in luck, for £119 and my credit card details they can renew this warranty for me, then my computer will be better than new. These really are nice folks. Oh the other point they like to make, my computer will be all kinds of awesome as long as I dont format it – they don’t have persistence after formatting.”
Pearson said he finally “got bored” and politely thanked them “for hacking my machine,” at which point he says, the technicians were irate. “how dare I claim they are hacking my machine, they are trying to help me. Then they tell me that next time I turn on my computer I am going to be in trouble, and it wont work properly.”
“Perhaps it’s a mysterious virus, corrupted files or disk partitions, or attacks by a remote hacker) that the caller will be pleased to fix for you, for a “small” fee,” he wrote in a blog post this year. Harley says that new versions of the scam include threats – with callers claiming that the government has detected scam emails from an IP address.