It's not just fake tech support: call centre cold-callers are operating various kinds of insurance scams, too.
The Insufferable, Insupportable Support Scam
Tech support scammers never cease to amaze me by their infinite capacity to keep bothering people with reports of non-existent problems on their computers: not only do they manage to find new ways of confusing the issue, but they keep trying to widen the pool of potential victims. While we’re still not seeing huge numbers of reports of Mac victims, Mac-specific support scams certainly exist. You might have got the impression from some journalists commenting on an excellent article by Jérôme Segura that scammers are turning away from XP and onto Android, but I didn’t think that was quite what he was saying, so I put up an article for the (ISC)2 blog attempting to clarify.
While the scammers he describes have been luring potential victims by advertising tech help for Android, they’re still primarily using a remote connection to a Windows PC to trick victims into believing they need to pay them for fixing problems that don’t actually exist.
I did, however, think that there’s plenty more to be said about this new twist, so I did recently on the (ISC)2 blog: Food for Fraud: Android & Tech Support Scams.
And, of course, there was bound to be yet another new twist sooner or later. Actually, sooner. Martijn Grooten’s name will not be unfamiliar to you if you’ve been following my tech support scam articles over the years, as we’ve been exchanging information and collaborating on the occasional paper for a good while. He reported recently for Virus Bulletin on the return of (apparently) the same scammers with whose antics he has entertained us before: Tech support scammers won't give up. The article is well worth reading, but I want to mention a couple of points in particular:
- He was asked to tell the scammer what icons were on his desktop and to answer questions about his keyboard, as a check on whether he was using a Mac. As Martijn pointed out, Jerome reported a Mac-specific version of the scam quite a while ago, so perhaps if they’d established that he was using a Mac, they’d have continued with a Mac-specific script. On the other hand, we’ve had quite a few people commenting on articles here that they’ve entertained themselves by keeping a scammer on the line for ages before telling him they’re using a Mac, so perhaps they were just hoping to avoid being the butt of an anti-scammer’s joke. How’s that working for you, boys?
- He was also asked to download AMMYY and the scammer used it (rather oddly) to download logmein123. These are both remote access services that are misused by support scammers to gain access to the victim’s system. I haven’t looked at the logmein123 program, but apparently it displays a warning about scammers. In this case, the scammer used an Italian version of the program so that the warning would be less obvious to an English-speaking victim. As it happens, AMMYY has been displaying a warning on its site for quite a while now. However, it’s in English and only linked from the US/English page, and there are quite a number of alternative pages in other languages (including Italian!) with no equivalent link. Since the Indian call centres executing this scam almost invariably do so in English, even when calling countries where English isn’t the official language, they probably didn’t consider it necessary. I imagine, though, that it would be possible for a scammer to pull much the same trick with a non-English AMMYY page.
Amusingly, Martijn asked the scammer whether his internet connection problems could have been caused by his refrigerator sending spam, but that idea got a frosty reception. ;)
Meanwhile, thank you to Susan for her comment to one of my earlier blogs with a slightly different gambit, evidently aimed at panicking the victim into paying up quickly. She got a call – allegedly from Brampton, near Toronto – from ‘DNS’, telling her that her computer was being used by Russians ‘to work with other servers to undertake criminal activity’ and that if she didn’t clear it up within 24 hours she would be held liable. They rang off when she asked for a number on which to call them back after checking with ‘her computer people’.
Accidently on Purpose
I haven’t personally received any support scam calls for quite a while, but the call-centre cowboys clearly haven’t forgotten me altogether. Recently I got a prime example of a different kind of call-centre scammer cold call that we hear a lot of in the UK. Usually, the scammer calls to say that he has been given accident-related information by some authority such as the National Health Service, an unnamed insurance company, or some fictional agency like the Accident Investigation Bureau.
In my case, the caller claimed to represent the Royal Traffic Bureau, who had informed him that someone in my home had a car accident in the last three years and is entitled to compensation. Who would have guessed that Her Majesty would be interested in my welfare? J
So this is how it’s generally supposed to go: the caller, who often says that he represents a company with a name like ‘UK Claims’ or ‘Claims Online’ says that you’re entitled to compensation for the accident but of course you’ll need to pay an administration fee for processing the paperwork. So you say ‘thank you very much, here are my credit card details’. Unless you’re an awkward, uncooperative so-and-so who insists on asking awkward questions like ‘so what’s my car licence number?’ or ‘so who had the accident?’ In fact, they can’t answer these questions, and sometimes say they can’t tell you any more because of the Data Protection Act. Gosh, who’d believe that a useful piece of protective legislation could have been misused so often?
In this case, since the scammer was unable to answer any of my questions, all he was able to do was repeat the information he did have (my name, address and telephone number). I was really impressed that he was able to read a telephone directory. Clearly he must be genuine. Not… At which point I suggested he should get a proper job. He was still laughing when I rang off. Kind of like an ambulance chaser, but less ethically grounded.
Even if you have had such an accident and think there might be a case for a claim, it’s pretty much a given that if someone calls you out of the blue offering guaranteed success in obtaining a guaranteed amount, it’s a scam. A legitimate claims management company (and there is such a beast) in the UK has to jump through quite a few hoops before it can legitimately ask you for payment for acting on your behalf: it has to assess your claim and chances of success, give you full details of the company and your contact point, and so on. The salient points of the legislation covering these issues can be found on the Claims Management Regulator’s web site. Sorry, but I’m not really conversant with legislation and regulation in this area in the US.
PPI gives me the PIP
Another common (and somewhat related) nuisance in the UK consists of unsolicited phone calls offering help with PPI (Payment Protection Insurance) claims. This was a form of insurance offered by financial institutions to (partially) cover loan repayments when a borrower was unable to meet repayment commitments due to illness or unemployment. While there are often grounds for compensation for the inappropriate or misleading sale of PPI, there has been a plague of equally aggressive salesmanship from claims management companies using cold-calling and unsolicited text messages to whip up business.
A common practice is the use of automated messages that you can opt out of, but only by waiting till the end of the recording, at which point you can press a key when prompted. This is particularly galling if you’re already subscribed to the Telephone Preference Service, a UK “do no call” register that businesses are supposed to check before they make cold calls. Not to mention the fact that it’s not actually necessary to pay an agency to claim a PPI refund on your behalf, if you’re entitled to one. In fact, apparently in the face of complaints from the banking industry about floods of inappropriate claims by agencies and from consumers about harassment by cold-callers, the Ministry of Justice is introducing measures to fine companies that overstep the mark. Guidance on the conduct of PPI claims by Claims Management Companies is available from the Ministry of Justice site, notably this bulletin.
I’ve also seen reports of PPI claim-related cold calling from Indian call centres, claiming that they are working with the justice ministry on refunds of bank charges and PPI, and requiring an upfront fee before handling the claim, in clear defiance of the regulations that already exist. A particularly unpalatable aspect of this particular variation is that pensioners are often targeted.
David Harley
ESET Senior Research Fellow