A team of three doctoral students, looking for insights into the inner workings of tech support scams, spent eight months using a purpose-built tool to collect data on and study the scammers’ tactics and infrastructure. What they uncovered is a complex, technically sophisticated ecosystem that is supported by malvertising and victimizes people around the world.
The study is the first analysis of its kind of tech support scams, and it’s the work of three PhD candidates at Stony Brook University. The team built a custom tool called RoboVic that performed a “systematic analysis of technical support scam pages: identified their techniques, abused infrastructure, and campaigns”. The tool includes a man-in-the-middle proxy that catalogs requests and responses and will also click on pop-up ads, which are key to many tech-support scams.
There are a slew of different versions of these scams, but generally they’re a type of multichannel fraud that occurs when a scammer claims to offer legitimate tech support by phone or online to unsuspecting users, with the caller usually claiming to work for Microsoft or Apple support. As the Stony Brook study points out, many of these scams begin when a cleverly designed website tricks unsuspecting, vulnerable users into believing they have a virus and that they need to call the number shown on the site to get help. Sometimes, the page disguises itself as a Windows “blue screen” so that users find it more believable.