Tech support scams go with a Bing

Microsoft takes a shot at preventing support scammers from exploiting Bing Ads, explains David Harley, senior research fellow at ESET.

Microsoft takes a shot at preventing support scammers from exploiting Bing Ads, explains David Harley, senior research fellow at ESET.

It’s understandable that Microsoft is sensitive about the expanding and highly adaptive trade in tech support scams, since users of its services remain a primary target for this type of scam. That said, users of other platforms are far more likely to be targeted nowadays than they were a few years ago.

There have been other changes in the support scam threatscape, too. As I’ve pointed out here and elsewhere many times, the tech support scam focus has shifted somewhat from cold calling to pop-ups and SEO-exploiting ads picked up by major search engines, so that the victim gets to call the scammer instead of vice versa.

Microsoft has announced a User Safety Policy Revision (Global) for Bing that addresses the problem as follows:

“Bing Ads disallows the promotion of third party online technical support services to consumers because of serious quality issues that can impact end user safety.”

There are more details on Microsoft’s Misleading content policies page (the article also points to a video that might be of some interest to scam watchers and potential victim.). The policies page covers a lot of ground that I expect to see covered at some point by the Clean Software Alliance’s guidelines. However, there are two particularly relevant policy areas highlighted there:

  • Advertisers may not promote online technical support to consumers for products or services that the advertisers do not directly own.
  • Advertisers must not claim to provide a service that can only be provided by the actual owner of the products or service advertised.

Paul Ducklin observes that “the sheer volume and audacity of the crooks has spoiled it for everyone”. Sad, but true: at any rate, if the policy changes are enforced reasonably effectively. Certainly it will have some impact on the call centers that use this kind of lure: specifically, in this case, buying ads using tech-support-related keywords. However, as Shaun Nichols has pointed out for The Register, ads using sufficiently generic support-related search terms can still pop up in a Bing search.

I can fully appreciate why Microsoft has gone this route, and I suspect that other search engine providers may follow suit. Perhaps the ban will encourage computer users (including users of mobile devices) to search out sources for more reliable information on tech support companies. But people with genuine computer problems are going to find it harder to find genuine help from genuine companies, even while they (hopefully) are less exposed to the attentions of support scammers.

I just wish I knew of (or had time to work on) a reliable online source that actually verifies the bona fides of companies that can help, nationally if not locally. But that would be a seriously intensive undertaking.

There are localized community-oriented groups on social media sites where you can get local recommendations, of course, if you’re prepared to risk crowdsourcing. The obvious problem there is that you’re reliant on the security-savviness, honesty and impartiality of the people who make up that crowd. A less obvious problem is that Facebook groups and pages, for example, have often proved disconcertingly vulnerable to spam/scam infiltration, without even thinking about how safe all those sponsored ads really are. And who’s to say that such resources won’t also choose at some point to opt for the wholesale blocking of post and ad types that have been continuously misused? After all, it may be safer (if not necessarily easier) for a service to block ‘difficult’ categories altogether rather than risk being held responsible for removing malicious content.

Of course, if you have reason to suspect that you may have a malware/security problem, it’s usually a good idea to talk directly to the company that publishes your security software of choice, where possible. (Unfortunately, if you rely on free anti-malware, for example, that may not be an option.) Even a good third-party tech support specialist may not be as knowledgeable as you might hope when it comes to esoteric security issues. And trawling the web in the hope of finding one of the good ones is going to get more difficult.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center