TechSpot

Researcher fights back against tech scammers, tricks group into installing ransomware

By midian182
Aug 16, 2016
Post New Reply
  1. Whether by telephone or via fake websites, tech support scammers are a problem. While their tricks are unlikely to fool tech-savvy users, they’ve still managed to con a large number of victims out of money. But one group of online criminals picked on the wrong people.

    French security researcher Ivan Kwiatkowski's parents rang him after stumbling across a website that displayed a load of meaningless numbers, filenames and popups, one of which stated that their computer had been infected with the Zeus virus.

    Kwiatkowski obviously knew what was going on, so he decided to teach the scammers a lesson. After booting a virtual machine running Windows XP, he called the “tech support” number listed on the website.

    Staying in character, the researcher followed instructions to download a remote-assistance client, feigning surprise when the scammer launched the command prompt and typed in “1452 virus found” and “ip hacked.”

    Strangely, the person on the other end of the line seemed to become confused and ended the call when Kwiatkowski asked where he can get the $189 ANTI SPY or ANTI TROJAN software she encouraged him to buy. Undeterred, he called back and spoke to a different operator, this one called Dileep, who advised him to purchase "Tech Protection subscription" for the bargain price of $335.

    After handing over a number of fake credit card numbers, Kwiatkowski suggested he sends a photo of his credit card for Dileep to check. He’d already noticed that the downloaded remote assistance software could send and receive files, making it the perfect method for sending over one of the Locky ransomware files he had in his email inbox - renamed to look like a compressed digital photo.

    "He says nothing for a short while, and then... 'I tried opening your photo, nothing happens.' I do my best not to burst out laughing," Kwiatkowski wrote in his blog.

    Speaking to the BBC, Kwiatkowski admitted that he couldn’t be 100 percent certain the ransomware infected the scammer’s machine, but there was a pretty good chance that it had. "He did not let on that something had happened to his computer, so my attempt is best represented as an unconfirmed kill," he said.

    Image credit : Minerva Studio / shutterstock

    Image credit : Ivan Kwiatkowski

    Permalink to story.

     
  2. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,507   +498

    Yeah I keep getting emails from people who are called Mr. Smith or Mr. Jones, the fun thing is the Mr. in the begging, that's not suspicious at all because people all over the world use Mr. with their email names... right?... right? Or those Bank of Amerika emails, how did they know I opened an account with them... magic.

    I'm surprised that those messages can go through different spam filters, well hats off to them, they are kind of doing it right.
     
  3. SirGCal

    SirGCal TS Maniac Posts: 365   +136

    You just reminded me, I'm going to be a billionare. I just need to send a few grand to the price of uggabooga and then he will send the bonus as a thank you. I can't believe I forgot! AHH!
     
  4. TomSEA

    TomSEA TechSpot Chancellor Posts: 2,558   +598

    Love it. Wish this would happen more often.
     
  5. Axiarus

    Axiarus TS Addict Posts: 218   +92

    Stock photos of "hackers" and "scammers" are so dumb.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...