Support scammers. Again. Those nice people who are always ready to tell you that you have a virus, or a Trojan, or have been attacked by hackers, and so on, but are willing to help you fix it for a not inconsiderable sum.

Almost by definition, the support scam preys on people who don’t understand technology well enough to realize that the scammers don’t really know anything about the victim’s system or Internet connection. In countries that are primarily English-speaking, the scam has been perpetuated so often and so long, and publicized well enough, that the pool of  potential victims has been steadily shrinking.

A few days ago, I wrote about (among other things) a comment from a Spanish reader of this blog who’d been contacted by a support scammer who:

… started the conversation in ‘poor Spanish’. It’s not that unusual for support scammers to expand into countries where English is not usually the first language of a potential victim, but up to now the scammers have almost invariably insisted on speaking English, often claiming that Microsoft won’t allow them to use other languages.

My hypothesis that ‘those support centres where this scam is being run may be recognizing a need to cast their linguistic nets wider as the number of English speakers who’ve learned to recognize the scam increases’ has received a certain amount of corroboration.

After the article was published, my colleague Josep Albors subsequently mailed me to let me know that the support department at ESET España has been contacted by a number of customers who’ve received scam calls from operators who initiated the conversation in English, but when this wasn’t going well, they ‘started to try in Spanish (sort of).’ This isn’t, of course, quite the same scenario, and there aren’t too many reported cases so far, but it does indeed show a somewhat novel willingness to use European languages other than English to give instructions.

Josep points out that some of the customers contacted by scammers were quite elderly. I’d like to think that not all of us who have reached an age of considerable maturity are technologically disadvantaged by definition, whatever some of the scammers may think. (Like the one who assumed – correctly – that I’m not in the first flush of youth, and told me that he respected me because I’m like his grandfather but that I know nothing and should take a long holiday soon before he sent a wet team round. Or something like that.) Still, I imagine that the scammers are hoping that elderly monoglots are also less likely to be technologically aware enough to recognize the scam.

This is in sharp contrast to another recent comment regarding a call received in France where the scammer apparently had no command of the French language at all. As the commenter observed, it’s unlikely that Microsoft support teams covering France don’t have any French speakers. Though I would observe that such support teams aren’t necessarily operating out of the same region: offshoring is pretty much the norm in some support contexts.

Even so, it’s clear that scammers are still trying to expand their ‘market’ into regions that aren’t primarily English-speaking and therefore not so ‘over-phished’: in the US, UK, Australia and so on, it’s hard to imagine that there’s anyone left to take the bait. Will we see the same scam delivered in French in future?

David 'oh what a tangled web' Harley
ESET Senior Research Fellow
Small Blue-Green World

The 'Maman' spider sculpture by Louise Bourgeois was photographed in Bilbao, just outside the Guggenheim Museum: while I chose the photo for its sinister appearance and superficial resemblance to the topic of this article, the meaning of the work to the artist was altogether more complex (and positive).