FTC fights the cybercrooks who put CryptoLocker to shame

Filed Under: Featured, Law & order

Take this test!

Put a name to the clear and present cybercrime danger that:

  1. Deliberately preys on users who are less well informed or prepared than average.
  2. Messes around with your data.
  3. Blackmails you into paying about $300.
  4. Makes you wonder if the crooks will be back, and if so, when?

You might be thinking, "CryptoLocker," but I'm talking about crookery that is in many ways much worse: fake support call scams.

Throughout the English speaking world, including at least the USA, Canada, UK, South Africa, Australia and New Zealand, innocent people, minding their own business, are being plagued by these callous callers.

Fortunately, the call scammers have stuck to a standard formula, which makes it easy (for now) to advise your friends and family on what to look out for; unfortunately, this consistency tells us they're still making money without an awful lot of effort.

How the scam works

You're probably aware of how it goes, but I'll review it here:

1. You get a call out of the blue. Usually it seems to come from a local phone number, so if you're in Sydney, Australia, your phone will show a number like +61.2.8xxx.xxxx; if you're in Oxford, you'll probably see +44.1865.xxx.xxx; and so on.

2. The caller will tell you - or almost tell you - he's from Microsoft. Or Dell. Or McAfee. Or, for that matter, Sophos. Maybe because some lawyer said it would make a difference, he probably won't state outright he's an employee of Sophos, or McAfee, or whomever, but will use weasel words like "I'm working with XYZ support."

3. He'll tell you your computer has a virus, and you need help. He may be cajoling, or sympathetic, or stern, or even downright threatening. However he chooses to behave, one thing is for sure: there isn't much that will make him take "No" for an answer.

→ Saying you had a Mac, or that you didn't have a computer at all, used to shut these guys up. But even that isn't guaranteed. The only thing that really works is to hang up immediately. Don't argue. Don't rant and rave. Hang up, right away, without saying a single word. Mr Miagi's Karate Kid defence: "Best way to avoid punch - no be there."

4. He'll get you to open the Windows Event Viewer.

5. He'll find an innocent error message with a nice, loud warning triangle or a bright red X, and tell you that's because you're infected.

6. He'll get you to give him remote access to your PC, using a legitimate remote support service. Because you can see what's he's up to, due to it being a legitimate "dual control" remote access service, you might feel slightly less uneasy about letting an unknown outsider in.

→ You can expect any sympathy to evaporate about now, and for the tenor of the call to become much more threatening. After all, if you did have a virus, you probably would be causing hassles for other internet users: spamming them, for example, or racking up bogus connections to their web server. So the fake call scammers exploit this to leave you wondering if you might end up in trouble - with the authorities, with your ISP, with the imaginary company you might inadvertently be attacking - and use your concern to intimidate you into what comes next.

7. He'll rummage around in a visually interesting but technically pointless way for a while, and then claim to have fixed a security problem you didn't have.

8. And then he'll take $300 off you, in return for nothing.

→ Worse than nothing, in fact. At best, he's tricked you into believing you are more secure than before, which is false. At worst, for all you know, he's stolen data, planted new malware for some repeat business, or simply messed up something through ineptitude.

Almost all of these calls seem to come out of India - a sort of alternative call centre business that seems to be bringing plenty of money into that country's economy.

But these callers, and the businesses that employ them, are not exactly a good advert for India as an outsourcing centre: they are demanding money by threatening you; they're charging you for a service you didn't need, and that in any case they didn't actually provide; and they typically seem quite unrepentant about it.

They don't care for Do Not Call registers; they may call over and over again (I have met people who get pestered repeatedly with these phone calls at home, and are powerless to make them stop); and in many cases, they seem to have a fair idea who you are from their cold-calling database, wherever or however they might have acquired it.

You have every right to be worried about this: a cold caller who cares nothing for regulations in your country, who has called you several times before, who doesn't like to take "No" for an answer, who is rude and intimidating, and whose aim is to extort $300 out of by telling you a giant pack of lies...and as far as you can tell, he knows where you live.

So, what can be done, apart from the swift-and-silent hangup I mentioned above?

Well, the United States Federal Trade Commission (FTC) is trying, and has just achieved a modest success against one such scammer:

It looks as though Mr Pasari folded early, leaving his fellow defendants to the ongoing wrath of the FTC.

Agreeing to pay technically doesn't make him guilty, but it will cost him $14,369, agreed as the amount he made out of the scams.

How big is the rest of this business?

The FTC has at least six matters on the boil right now, and I suggest you take a few minutes to browse through the open cases.

The FTC has, in my opinion, put together some excellent summaries of how the scams unfold, with a dispassionate and objective explanation of why these guys really do charge for absolutely nothing.

By the way, one of the FTC's complaints alleges that the perpetrators were able to spend more than $1,000,000 in two years on Google adwords to bring up their phone number when potential victims searched for terms such as "McAfee Customer Support," "Avast phone number," and "Norton Support."

So these guys do indeed also seem to be making lots of money for absolutely nothing.

Don't let your friends and family fall victim

Here's what you can do to protect your own friends and family from intimidation and exploitation by these scammers:

  • Make sure they are aware that they should not feel any obligation to accept computer support they didn't request.
  • Encourage them to hang up silently and swiftly.
  • Offer to help them find a local computer support service if ever they really need one.

Remember that every $300 someone you know puts into the coffers of these bogus givers of support is $300 that is effectively stolen from your local economy.

Say no, and here's some advice on how:


(Audio player above not working for you? Download to listen offline, or listen on Soundcloud.)

Worse than CryptoLocker?

Maybe not, but you can certainly make the case that this scam is as bad.

(For $300, the CryptoLocker guys actually do seem to sell you your data back. I'm not calling that "honour among thieves," but the call scammers charge you the same money for absolutely nothing.)

What you you think? Let us know in the comments!

, , ,

You might like

13 Responses to FTC fights the cybercrooks who put CryptoLocker to shame

  1. Baker · 252 days ago

    An interesting side note to this is that sometimes the "support person" on the end of the phone trying to get you to part with your money does not know he's a scammer - some I have spoken to genuinely believe they are resolving legitimate problems. They've been employed by the criminals and think they are working for a real support company! Scary! and clever.

    • Tim Hammond · 251 days ago

      I've repeatedly had these calls. I really wanted to do something to get at them knowing that the person on the other end of the phone was in the act of trying to rob from me. The only revenge I could think of was play very stupid and waste as much of their time as I could without compromising my computer. 16 minutes is my record so far. Also i logged the number with the website whocallsme.

      • Brad · 250 days ago

        I kept them going for quite a while telling them I don't have a PC - I use an Amiga. The guy called in another person to help deal with the unfamiliar response, and it wasted a bunch of their time while they tried to figure out what an Amiga computer is and how to work it into their scam. Finally I said "I'm sorry - I have to go now.".

        Or the "I'm sorry, I'm in the middle of something right now. Can you call back tomorrow at 9am at _number of attorney general's office_."

  2. Martín Alejandro Carmona Selva · 252 days ago

    Well, I feel that you should be EXTREMELY "POOR MINDED" not to realize the simple one simple fact.

    The fist thing I would say is "how the hell do these guys have my phone if I never -ever- give it to them?"

    That said, I received a -fake- call from my bank -they DO have my phone-, but, when the guy told me that he'll need my PIN, I realized and hung up! Latter, I phoned my bank contact and he told me that, indeed, the call was fake.

    What I wonder is how did they related my name to my phone (my mobile is not in the white pages) but, well... that's not that hard, I presume.

    What I'll do to "kinda solve" these issues is, as my bank now -an Google- does, that all SMSs or Calls that they made you must be identified as, let's say "Microsoft" instead of a common number.

    That way, you could easily identify any suspicious call...

  3. //AB5XxXj8BN// · 252 days ago

    Two thoughts; CryptoLocker is being written about quite a bit because it is so easy to grasp. They'll take $300 and it's done - at least up to now. On the other hand, banking malware propagated by Zeus, as an example can lead to indentity theft, which costs many multitudes more the remediate.

    These calls remind me of the "boiler rooms" that existed in the US in the 80's in "pump and dump" schemes. Artifially pumped up stock was sold to unsuspecting investors and the sellers then dumped the stock after it was driven up even more by those sales.

    • Paul Ducklin · 251 days ago

      Ironically, as far as SophosLabs can tell, some CryptoLocker victims have been infected by the crooks buying time on a Zbot/Zeus botnet and using it to install CryptoLocker...so for those people, Zbot/Zeus was as bad as CryptoLocker *plus everything else you mention* :-(

  4. Philip Le Riche · 252 days ago

    If you have the time and patience you might succeed in saving one other person being scammed by going along with the caller for a bit ...

    ... I'm sorry, this computer is very slow ... oh bother, there's somebody at the door - I won't be a minute ... What was that you asked me to type? ... It's coming up with an error message ... let me try again ... evendwvr was that? ... ah yes, I can see those yellow exclamation marks now. So what *exactly* do they mean? ... oh dear, this computer seems to have locked up - you can hang on while I reboot? ... I'm afraid it's always rather slow rebooting ... yes, it's definitely coming up ... deary me, it's crashed again - it often seems to do that ...

    I was just about to post this when the phone rang: "I'm calling you from windows support ..."!

  5. smith934 · 252 days ago

    One quick cure, is to do as I do. I never answer my phone, home or cell, if caller ID is blocked or if it's a number I don't recognize.

    • Paul Ducklin · 251 days ago

      That's not practical for everyone, of course - for example if you work from home, or have come to rely on Do Not Call (if your country has it) to shield you from most of the cold calls you once received.

      It does seem a shame to have to give up the ability to use your own phone except in very limited way because of this sort of thing.

      • John · 251 days ago

        Of course this is practical for everyone. Unless the caller doesn't have something important enough to leave a voice message about.

        • Paul Ducklin · 251 days ago

          Sounds as though you actually *like* using voicemail :-)

  6. Stephen H · 251 days ago

    I lie to these guys. "Windows? On my Macintosh?" Or "Hold on, I'll just get my wife..". Or "Can I call you back?"

    Then I got sick of them. Now we have a whistle next to the phone. Start talking quietly for a little while, then blow the whistle and hang up. Strangely, we haven't received one of these calls for several months.

  7. Andrew W · 244 days ago

    I've always wanted to mess with one of these guys - be surprised, "yes! it's really bad. how did you know?" and insist they help me with my computer crashing and coming up with bluescreens, and later "it's all black, all I can see is 'NTLDR is missing' in the corner", which eventually leads to "can you smell that?" "Oh god, smoke's coming out of it!" and then concluding by holding down the test button on a nearby smoke alarm and screaming down the phone that they've set my computer on fire.

    Sadly, I'm yet to get one of these calls.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog