Speaking of the October 2010 ThreatSense report, which includes an article on fake support and AV...
A few days ago I wrote an article about fake support scams, a topic I've addressed before for Security Week - Fake AV, Fake Support -and here on the ESET blog. What was missing, I guess, was that extra edge you get from direct contact with the scammers. Well, I'm not quite there yet, but only one step away. Today, my wife received a phone call. (As background, you should know that my wife's work background includes IT training and support, IT teaching, and security, so she's not very susceptible to being scammed.)
"Hello, Mr & Mrs Harley?" [Indian accent, which makes us think "Oh! Kolkata!" - see Fake AV support scams]
"Yes?"
[Coldcaller] "Hello Mrs Harley, I'm from IT Support Windows Computers." [Some moments of confusion because my wife didn't catch the word "computers" at first and thought it was a follow-up call on the windows we'd just had fitted, then thought it was another company offering another window fitting service: like buses and carpet-cleaning services, they tend to come in threes...]
[The Fragrant Mrs Harley] "So why are you calling me?"
[Coldcaller] "Don't you want IT support?"
[TFMH] "But why are you calling me?" [Laughs]
[Coldcaller] "Why are you laughing? Don't you want Windows support?" [Indignantly]
[TFMH] "But why are you calling me?"
[Coldcaller] "Dohhhhhh.Grumble." [And other Simpsonesque mutterings]
[TFMH] "But I want to know why you're calling me."
[Coldcaller] "I don't know why I'm calling you either." [Slams phone down.]
It's always good to talk to an honest man. Well, it would have been, had I been there. Do ring back, Mr. IT Support Windows Computers: if you really are one of the support scammers I've been tracking (and I don't think there's much doubt about that), I've got a lot of questions to ask you...
David Harley CITP FBCS CISSP
ESET Senior Research Fellow