Ah... support scammers. Mostly out of Kolkata
. You can always ask them how their local team
is doing when they call.
One of my co-workers has been tracking these scammers for several years now, watching as their tactics, malware, scams and tricks have evolved, somewhat in response to law enforcement, but mostly because of what works for them, since they are still going strong. Here is a partial
listing of his blog posts on the subject from last year:
New Support Scam Gambits: Frozen Virus a Frozen Turkey
Support Scams and the Surveillance Society
PC Support Scams: a Forensic View
Telephone Scams: it’s not all about PC support
Telescammer Hell: What’s Still Driving The PC Support Scammers?
FTC cracks down on tech support scams and feds nail fake AV perps (actually, by another coworker)
PC Support Scams - Virus Bulletin paper
AMMYY Warning against Tech Support Scams
Support scams and Quervar/Dorifel
Dorifel/Quervar: the support scammer's secret weapon
Support Scammer Anna's CLSID confusion
Misusing VERIFY (and other support scam tricks)
The Tech Support Scammer's Revenge
Support scams: social engineering update
Support Scammer Update: Misrepresenting Task Manager/
Support Scam Poll
How to recognize a PC support scam
Fake Support, And Now Fake Product Support
Cybercrime and Punishment
He also got enough material out of the scams to write two papers for conferences on the scammers:
CFET2012 - FUD and Blunder: Tracking PC Support Scams
VB2012 - My PC Has 32,539 Errors: How Telephone Support Scams Really Work
Interesting reading. What's interesting about this scam is that it is so much more labor-intensive than conventional malware. The scammers can end up spending an hour or more on the phone with a victim. However, the reason they do that is in the payoff: Once they have your credit card, they will typically charge several hundred dollars/euros/pounds, regardless of what they told you they were going to bill.
If you, or someone you know, was the victim of a support scammer and gave them a credit card number, contact the bank issuing it and report the fraud to them. Right now, that's pretty much the only recourse consumers have.