User:SRuizR/Sandbox/Technical support scam
A technical support scam refers to any type of telephone fraud activity in which a scammer claims to offer a legitimate technical support service, usually via cold calls to unsuspecting users. Such calls are usually targeted at Microsoft Windows users, with the caller claiming to represent a Microsoft technical support department.
In English-speaking countries such as the United States, Canada, United Kingdom, Ireland, Australia and New Zealand, such cold call scams have occurred as early as 2008[1] and primarily originate from call centers in India.[2]
The scammer will typically attempt to get the victim to allow remote access to his or her computer. After remote access is gained, the scammer relies on confidence tricks, typically involving utilities built into Windows and other software, in order to gain the victim's trust to pay for the supposed "support" services. The scammer will often then steal the victim's credit card account information or persuade the victim to log into his or her online banking account to receive a promised refund, claiming that a secure server is connected and that the scammer cannot see the details. Many schemes involve convincing the victim to purchase expensive gift cards and then to divulge the card information to the scammer.[3]
Operation
Technical support scams typically rely on social engineering. Scammers use a variety of confidence tricks to persuade the victim to install remote desktop software (often by informing the victim that the scammer is connecting the computer to a "secure server"), with which the scammer can then take control of the victim's computer. With this access, the scammer may then launch various Windows components and utilities (such as the Event Viewer), install third-party utilities (such as rogue security software) and perform other tasks in an effort to convince the victim that the computer has critical problems that must be remediated, such as infection with a virus. The scammer will urge the victim to pay, with a credit card or gift card, in order that the issues may be "fixed".[1][4][5]
Initiation
Technical support scams can begin in a variety of ways.[4][6] A scam most commonly begins with a cold call, usually claiming to be associated with a legitimate-sounding third party, with a name like "Microsoft" or "Windows Technical Support".[2] Scammers have also lured victims by purchasing keyword advertising on major search engines (with ads triggered by phrases such as "Microsoft live chat", "Facebook support", or "Outlook login help"), though both Bing and Google have taken steps to restrict such schemes. Other techniques include email spamming and cybersquatting to lead potential victims to web pages containing scammers' phone numbers.[7][8] Some scams have been initiated via pop-up ads on infected websites instructing the potential victim to call a number. These pop-ups often closely resemble legitimate error messages such as the Blue Screen of Death.[9][10]
Remote access
The scammer usually instructs the victim to download and install a remote access program, such as TeamViewer, AnyDesk, LogMeIn, GoToAssist,[11] ConnectWise Control (known also as ScreenConnect), etc. With the software installed, the scammer provides the victim with an access key or other details required to initiate a remote-control session, giving the scammer complete control of the victim's desktop.[1][12]
Confidence tricks
After gaining access, the scammer attempts to convince the victim that the computer is suffering from problems that must be repaired, most often as the putative result of malicious hacking activity. Scammers use several methods to misrepresent the content and significance of common Windows tools and system directories as evidence of malicious activity, such as viruses and other malware. Normally the elderly and other vulnerable parties, such as those with limited technical knowledge, are targeted for technical support scams.
- The scammer may direct users to Windows' Event Viewer, which displays a log of various events for use by system administrators and expert users to troubleshoot problems. Although many of the log entries are relatively harmless notifications, the scammer may fraudulently claim that log entries labeled as warnings and errors are evidence of malware activity or that the computer is becoming corrupted, and that the errors must be "fixed".[4][6][13]
- The scammer may present system folders that contain unusually named files, such as Windows' Prefetch and Temp folders, and claim that the files are evidence of malware on the system. The scammer may open some of these files (especially those in the Prefetch folder) in Notepad, where the file contents are rendered as mojibake. The scammer claims that malware has corrupted these files, causing the unintelligible output. In reality, the files in Prefetch are typically harmless, intact binary files used to speed up certain operations.[13]
- The scammer may misuse Command Prompt tools to generate suspicious-looking output, for instance, the `tree` or `dir /s` command, which displays an extensive listing of files and directories. The scammer may claim that the utility is a malware scanner, and while the tool is running, the scammer will enter text purporting to be an error message (such as "security breach ... trojans found") that will appear when the job finishes, or into a blank Notepad document.[14]
- The scammer may misrepresent values and keys stored in the Windows Registry as being malicious, such as innocuous keys whose values are listed as not being set.[4]
- The "Send To" Windows function is associated with a globally unique identifier. The output of the command `assoc`, which lists all file associations on the system, displays this association with the line `ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}`; this GUID is the same on all versions of Windows. The scammer may claim that this is a unique ID used to identify the user's computer, or claim that the CLSID listed is actually a "Computer Licence Security ID" that must be renewed.[15][16]
- The scammer may claim that the system's problems are the result of expired hardware or software warranties, for example, Windows product keys, and coax the victim into paying for a "renewal".[6][13]
- The scammer may run the obscure `syskey` utility and configure a startup password known only to the scammer, thereby locking the victim out of his or her own system after the computer is rebooted.[17][18] As `syskey` is only present in Windows versions previous to Windows 10, the scammer may force the user to become locked out by installing a keylogger and changing the user's account password and/or setting a PIN login requirement if the victim's computer runs on Windows 10.[19]
- The scammer may delete Windows critical files and folders such as `system32`, making the computer unusable until the operating system has been reinstalled.
- The scammer may block the victim from viewing his or her screen, claiming that it is the result of malware or of a scan being run, and use the time to search the user's files for sensitive information, attempt to break into the user's accounts with stolen or stored credentials or activate the webcam and see the user's face.[19]
- The scammer may run the `netstat` command in a terminal/command window, which shows local and foreign IP addresses. The scammer then tells the victim that these addresses belong to hackers who have intruded into the computer.
- The scammer may claim that a normal Windows process such as `rundll32.exe` is a virus. Often, the scammer will search the Internet for an article about the Windows process and will scroll to a section saying that the process name can also possibly be part of malware, even though the victim's computer does not contain that malware.
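Each tool in the list above is harmless on its own; what stands out is several of them being started shortly after a remote-access program. As an added example (not part of the original article), the following Python triages process-creation records for that pattern. The record format, the 30-minute window, the threshold of three and the image-name substrings are assumptions, and the sample records are constructed.

```python
import re
from datetime import datetime, timedelta

# Image-name substrings for the remote-access tools the article names
# (assumed for illustration; adjust to what is actually deployed).
REMOTE_TOOLS = ("teamviewer", "anydesk", "logmein", "gotoassist", "screenconnect")

# Built-in programs the article lists as props. Only separate executables are
# covered: dir and assoc are cmd.exe built-ins and create no process of their own.
PROPS = [
    (re.compile(r"\beventvwr\b"), "eventvwr"),
    (re.compile(r"\btree\b"), "tree"),
    (re.compile(r"\bnetstat\b"), "netstat"),
    (re.compile(r"\bsyskey\b"), "syskey"),
    (re.compile(r"\bnotepad\b.*\\prefetch\\"), "prefetch-in-notepad"),
]
WINDOW = timedelta(minutes=30)  # assumed length of a remote session
THRESHOLD = 3                   # assumed number of distinct props needed to flag

# Constructed sample records: ISO timestamp | host | command line
SAMPLE = r"""
2024-05-01T10:00:00 | PC-A | "C:\Users\alice\Downloads\AnyDesk.exe"
2024-05-01T10:03:10 | PC-A | "C:\Windows\system32\eventvwr.exe"
2024-05-01T10:06:45 | PC-A | tree
2024-05-01T10:09:02 | PC-A | netstat
2024-05-01T10:12:30 | PC-A | notepad.exe C:\Windows\Prefetch\EXAMPLE.EXE-00000000.pf
2024-05-01T11:00:00 | PC-B | netstat -ano
2024-05-01T11:01:00 | PC-B | C:\Windows\system32\eventvwr.exe
2024-05-01T11:02:00 | PC-B | tree C:\
2024-05-01T12:00:00 | PC-C | TeamViewer.exe
2024-05-01T12:05:00 | PC-C | netstat -ano
"""

def parse(line):
    """Split one constructed record into (timestamp, host, lower-cased command line)."""
    ts, host, cmd = (field.strip() for field in line.split("|", 2))
    return datetime.fromisoformat(ts), host, cmd.lower()

def triage(lines):
    """Return {host: sorted props} where a remote-access tool start is
    followed within WINDOW by at least THRESHOLD distinct props."""
    session = {}   # host -> (start time, props seen since that start)
    flagged = {}
    for ts, host, cmd in sorted(parse(l) for l in lines if l.strip()):
        if any(tool in cmd for tool in REMOTE_TOOLS):
            session[host] = (ts, set())   # a new remote session begins
            continue
        if host not in session or ts - session[host][0] > WINDOW:
            continue                      # admin tools without a remote session
        seen = session[host][1]
        seen.update(label for rx, label in PROPS if rx.search(cmd))
        if len(seen) >= THRESHOLD:
            flagged[host] = sorted(seen)
    return flagged

if __name__ == "__main__":
    for host, props in triage(SAMPLE.splitlines()).items():
        print(host, "remote-access tool followed by:", ", ".join(props))
```

PC-B runs the same tools with no remote-access program and PC-C runs only one of them, so neither is flagged; a match is a prompt to contact the user, not proof of fraud.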
Objectives
These tricks are meant to target victims who may be unfamiliar with the actual uses of these tools, such as inexperienced users and senior citizens—especially when the scam is initiated by a cold call.[1][2][20] The scammer then coaxes the victim into paying for the scammer's services or software, which they claim is designed to "repair" the computer but is actually malware that infects it or software that causes other damage.[21] The scammer may gain access to the victim's credit card information, which can be used to make additional fraudulent charges. Afterward, the scammer may also claim that the victim is eligible for a refund, and request the user's bank account information—which is instead used to steal more money from the victim, rather than providing the promised refund.[4][6][2][13][22][23] Alternatively, a scammer may attempt to request payment using gift cards for online platforms such as Amazon.com, Google Play, and iTunes Store.[24][25]
In an investigation conducted by Symantec employee Orla Cox, it was revealed that after Cox paid the fee for the scammer to remove the nonexistent "malware" infections, the scammers merely cleared the log in the Event Viewer and disabled Windows' event logging feature. This merely means that errors would no longer appear in the Event Viewer; had malware actually existed on Cox's computer, it would have remained intact.[26]
Unethical and fake "support" companies
The great majority of the complaints and discussion about companies that cold-call and offer "technical support"[27] report them as being not merely incompetent or ineffective, but actively dishonest, doggedly trying to convince the victim of non-existent problems by trickery and, when possible, damaging the computer to which they gain access.[4][28][29] Computer-support companies advertise on search engines like Google and Bing,[27][30] but some are heavily criticised, sometimes for practices similar to those of the cold callers. One example is the India-based company iYogi, which has been reported by InfoWorld to use scare tactics and install undesirable software.[31][32] In December 2015, the state of Washington sued iYogi's US operations for scamming consumers and making false claims in order to scare the users into buying iYogi's diagnostic software.[33] iYogi, which was required to respond formally by the end of March 2016,[34] said before its response that the lawsuit filed was without merit.[35] In September 2011, Microsoft dropped Comantra, a Gold Partner, from its Microsoft Partner Network following accusations of involvement in cold-call technical-support scams.[36]
In December 2014, Microsoft filed a lawsuit against a California-based company operating such scams for "misusing Microsoft's name and trademarks" and "creating security issues for victims by gaining access to their computers and installing malicious software, including a password grabber that could provide access to personal and financial information".[37] In an effort to protect consumers, Microsoft-owned advertising network Bing Ads (which services ad sales on Bing and Yahoo! Search engines)[38][39] amended its terms of service in May 2016 to prohibit the advertising of third-party technical support services or ads claiming to "provide a service that can only be provided by the actual owner of the products or service advertised".[7][40] Google Search followed suit in August 2018, but went further by banning any advertising related to technical support, regardless of source, citing that it had become too difficult to differentiate legitimate providers from scams.[41]
In November 2017, a scam company called Myphonesupport initiated a petition seeking the identities of John Doe defendants in a New York case involving a telephonic denial-of-service attack against its call centers. The case has since been disposed.[42]
Scam baiting
Tech support scammers are regularly targeted by scam baiting[43] both online and offline, with individuals seeking to cause inconvenience to the scammers by wasting their time, and by disabling the scammer's computer systems by deploying RATs, distributed denial of service attacks and destructive computer viruses. Scam baiters may also attempt to lure scammers into exposing their unethical practices by leaving dummy files or malware disguised as confidential information, such as credit/debit card information and passwords, on a virtual machine for the scammer to attempt to steal, only for the scammer to become infected.
See also
References
1. Arthur, Charles (18 July 2012). «Virus phone scam being run from call centres in India». Guardian. Archived from the original on 28 March 2014. Retrieved 31 March 2014.
2. «Hello, I'm definitely not calling from India. Can I take control of your PC?». Ars Technica. Archived from the original on 21 November 2014. Retrieved 16 November 2014.
3. Weiss, Gary. «How Scammers Use Gift Cards to Steal Your Money». AARP (in English). Retrieved 1 August 2019.
4. Segura, Jérôme. «Tech Support Scams - Help & Resource Page | Malwarebytes Unpacked». Malwarebytes Corporation. Archived from the original on 28 March 2014. Retrieved 28 March 2014.
5. Weiss, Gary. «How Scammers Use Gift Cards to Steal Your Money». AARP (in English). Retrieved 1 August 2019.
6. Hunt, Troy (February 21, 2012). «Scamming the scammers – catching the virus call centre scammers red-handed». Archived from the original on 7 April 2014. Retrieved 1 April 2014.
7. «Microsoft to Bing users: No more shady third-party ads for tech support, password recovery». ZDNet. Archived from the original on 14 May 2016. Retrieved 13 May 2016.
8. "Despite Crackdowns, Tech Support Ads In Search Are Still Cause For Consumer Confusion" (broken link, available in this archive). Search Engine Land, Ginny Marvin on August 5, 2014
9. Harley, David (7 October 2015). «Tech Support Scams: Top of the Pop-Ups». WeLiveSecurity. Archived from the original on 27 July 2016. Retrieved 28 July 2016.
10. «Do not respond to scam pop-up messages in your web browser». www.communications.gov.au (in English). Department of Communications and the Arts. Archived from the original on 20 April 2016. Retrieved 19 April 2016.
11. Brodkin, Jon (25 November 2013). «Fake tech support scam is trouble for legitimate remote help company». Ars Technica.
12. Technical support scammers (8 July 2017). «Fake ConnectWise Control login purporting to be British Telecom technical department (note name of site)». bttechnicaldepartment.screenconnect.com. Archived from the original on 8 July 2017.
13. Solon, Olivia (11 April 2013). «What happens if you play along with a Microsoft 'tech support' scam?». Wired.co.uk. Archived from the original on 7 November 2014. Retrieved 10 November 2014.
14. Lodhi, Nauman. «Beware of Microsoft Tech Support Scammers». Business 2 Community. Archived from the original on 19 April 2014. Retrieved 18 April 2014.
15. «Support desk scams: CLSID not unique». WeLiveSecurity. ESET. Archived from the original on 23 October 2014. Retrieved 15 November 2014.
16. «Support-Scammer Tricks». WeLiveSecurity. ESET. Archived from the original on 25 December 2014. Retrieved 15 November 2014.
17. Woodchip computers: Have you been caught by the "I am Windows Support" scam? (broken link, available in this archive).
18. Holzman, Carey (14 November 2014). «'Microsoft Partner' Claims Fuel Support Scams». Krebs on Security. Archived from the original on 25 September 2016. Retrieved 26 July 2016.
19. Jim Browning (4 August 2018), This is why you never let anyone remotely access your computer, retrieved 9 September 2018.
20. «Microsoft Phone Scams». www.which.co.uk/. Which?. Archived from the original on 13 February 2015.
21. Graham Scott, Gini (2016). Scammed: Learn from the Biggest Consumer and Money Frauds How Not to Be a Victim. Allworth Press. p. 182. ISBN 978-1-62153-504-1.
22. «Tech Support Scams». Federal Trade Commission. Archived from the original on 31 October 2014. Retrieved 16 November 2014.
23. Winterford, Brett (18 May 2011). «How the Microsoft/LogMeIn support scam works». ITnews.com.au. Archived from the original on 7 April 2014. Retrieved 1 April 2014.
24. «No gift cards for tech support scammers». Consumer Information (in English) (FTC). 6 June 2018. Retrieved 22 August 2018.
25. «"From laughter to death threats": Meet Kitboga, the streamer exposing tech support scams». Newsweek (in English). 22 May 2018. Retrieved 22 August 2018.
26. Cox, Orla (22 June 2010). «Technical Support Phone Scams». Symantec. Archived from the original on 19 August 2016. Retrieved 3 August 2016.
27. Hunt, Troy. «Interview with the man behind Comantra, the "cold call virus scammers"». Archived from the original on 16 April 2014. Retrieved 18 April 2014.
28. Baker, Steve. «What Seniors (And Their Children) Need To Know About Tech Support Scams». Forbes. Archived from the original on 20 April 2017. Retrieved 19 April 2017.
29. «Reputation of guruaid.com». WOT. Archived from the original on 2 May 2014.
30. «How iYogi & Guruaid running tech support campaigns?». AdWords Community. Retrieved 2 May 2014.
31. Cringely, Robert (28 March 2012). «The downward (dog) spiral: iYogi exposed». InfoWorld. Archived from the original on 7 April 2014. Retrieved 3 April 2014.
32. Cringely, Robert (21 March 2012). «Tech support or extortion? You be the judge». InfoWorld. Archived from the original on 29 May 2015. Retrieved 9 June 2015.
33. Washington state sues firm, alleges tech support scam (broken link, available in this archive), Associated Press, 16 December 2015
34. Joe Panettieri (18 March 2016). «iYogi IT Services Lawsuit: State of Washington Awaits Response - ChannelE2E». ChannelE2E. Archived from the original on 29 March 2016. Retrieved 24 March 2016.
35. Lawsuits Cloud iYogi Remote Tech Support Reputation (broken link, available in this archive), 11 Jan 2016
36. Microsoft Drops partner accused of Cold-Call Scams (broken link, available in this archive), 22 February 2016
37. Whitney, Lance (19 December 2014). «Microsoft combats tech support scammers with lawsuit». CNET. Archived from the original on 21 December 2014. Retrieved 21 December 2014.
38. «Microsoft loses exclusivity in shaken up Yahoo search deal». Ars Technica. Archived from the original on 23 June 2015. Retrieved 30 June 2015.
39. «Ad Tech And Mobile In Focus In Microsoft And Yahoo's Renewed Search Deal». TechCrunch. Archived from the original on 26 June 2015. Retrieved 30 June 2015.
40. «Bing bans tech support ads—because they're mostly scams». Ars Technica. Archived from the original on 13 May 2016. Retrieved 13 May 2016.
41. «Google to nix all tech support provider ads». iTnews. Retrieved 3 September 2018.
42. «Consumer Software International, Inc. - v. - ICEHOOK SYSTEMS LLC et al». Archived from the original on 21 January 2018.
43. «A guide to trolling a tech support scammer». WIRED UK. Retrieved 3 October 2018.
Further reading
- «Global Tech Support Scam Research – Global Summary». Microsoft Corporation. September 2018.
External links
- Official Microsoft support page on technical support scams
- Official Symantec support page on technical support scams
- Example of a scam with narration and screen recording on YouTube.
- Investigation with recordings by a security research group
- Dial One for Scam: A Large-Scale Analysis of Technical Support Scams