More On Telephone Support Scams

ESET has a very nice article up about those  telemarketers that call and tell you there is something wrong with your PC:

http://blog.eset.com/2012/10/15/telescammer-hell-what-still-drives-the-pc-support-scammers

Despite the positive news blogged by Stephen Cobb recently about the steps taken by the Federal Trade Commission to crack down on India-based PC tech support scams, no-one should be taking it for granted that the problem is now solved. While an FTC press release says FTC Halts Massive Tech Support Scams, in the real world the freezing of assets and other measures in the US is unlikely to have a huge immediate impact on companies operating out of Kolkata and the surrounding areas. The day of judgement? It’s far too early for church bells and street parties.

After years of struggling to get not only the attention of law enforcement agencies but positive action, we are encouraged by the assertion that so many parties have contributed to acting on the problem: the FTC cites ACMA (Australian Communications and Media Authority), CRTC (Canadian Radio-television and Telecommunications Commission), and SOCA, the United Kingdom’s Serious Organised Crime Agency, as well as a number of IT companies. (Including Microsoft, whose name and Windows branding have been misused so many times by support scammers.)

We would, perhaps, be much more encouraged if law enforcement in India also got a name-check in that press release. (We’ve been told by a law-enforcement source in the UK that the UK police do have a point of liaison with Indian law enforcement, but haven’t so far seen much sign of that cooperation translated into punitive action in India itself.) In any case, we are certainly not seeing an instant drop-off in the number of scam calls received.

Is this persistence – some people are still reporting receiving several calls a day – perhaps actually due to fear of an imminent crackdown in the US, driving a last-ditch effort to make as much money as possible before the well dries up? Maybe that fear plays some part in the strategic thinking of the masterminds behind this type of scam – and make no mistake, some of the ploys used do suggest a certain amount of technical knowledge, and the formulaic script-driven ignorance of IT issues displayed by some of the callers we’ve talked to is far from the whole story.  We’re in no doubt that there are people scripting the scams who are fully aware of what they’re doing and who are actively researching and working on ways of misusing system utilities in order to mislead and panic people into using their services.

However, we don’t think the unceasing barrage of scam calls reported by readers of our blogs is (primarily) in response to fear of imminent US judicial process. The desperation of multitudes of hard-pressed call-centre staff competing for a slice of the same shrinking pie is probably a more important factor right now. (Hopefully, fewer people are falling for these scams than when we first started writing about them a few years ago.) Of course, there may be a drop-off in the figures further down the line as the FTC turns its spotlight on more scammers, but only if the FTC’s attention is translated into direct action where the scammers actually live and hold their bank accounts.

Even if we were more confident of the full engagement of law enforcement locally, we’re not likely to see many of the offending call centres dismantled. After all, the same operations are also servicing more-or-less legitimate enterprises in the US and the UK who are seeking to reduce support costs and the complications of honouring Do-Not-Call registers by outsourcing to India (or, increasingly, the Philippines). There is considerable anecdotal evidence (hat tip to Craig Johnston, who talked about that in our joint paper/presentation at Virus Bulletin this year) that many first-line callers don’t see a distinction between more-or-less legitimate support services and the essentially fraudulent misrepresentation of the CLSID entry flagged by ASSOC, the Event Viewer utility, and otherprograms characteristically misused by support scammers.

Did we really say ‘multitudes’ of scammers? Well, while many of the people who’ve reported scam calls seem to think they’re being persecuted time and time again by the same caller, there do seem to be plenty of call centre agents to go round.


Comments are closed