Whether by telephone or via fake websites, tech support scammers are a problem. While their tricks are unlikely to fool tech-savvy users, they’ve still managed to con a large number of victims out of money. But one group of online criminals picked on the wrong people.
French security researcher Ivan Kwiatkowski's parents rang him after stumbling across a website that displayed a load of meaningless numbers, filenames and popups, one of which stated that their computer had been infected with the Zeus virus.
Kwiatkowski obviously knew what was going on, so he decided to teach the scammers a lesson. After booting a virtual machine running Windows XP, he called the “tech support” number listed on the website.
Staying in character, the researcher followed instructions to download a remote-assistance client, feigning surprise when the scammer launched the command prompt and typed in “1452 virus found” and “ip hacked.”
Strangely, the person on the other end of the line seemed to become confused and ended the call when Kwiatkowski asked where he could get the $189 ANTI SPY or ANTI TROJAN software she encouraged him to buy. Undeterred, he called back and spoke to a different operator, this one called Dileep, who advised him to purchase a "Tech Protection subscription" for the bargain price of $335.
After handing over a number of fake credit card numbers, Kwiatkowski suggested he send a photo of his credit card for Dileep to check. He’d already noticed that the downloaded remote assistance software could send and receive files, making it the perfect method for sending over one of the Locky ransomware files he had in his email inbox - renamed to look like a compressed digital photo.
"He says nothing for a short while, and then... 'I tried opening your photo, nothing happens.' I do my best not to burst out laughing," Kwiatkowski wrote in his blog.
Speaking to the BBC, Kwiatkowski admitted that he couldn’t be 100 percent certain the ransomware infected the scammer’s machine, but there was a pretty good chance that it had. "He did not let on that something had happened to his computer, so my attempt is best represented as an unconfirmed kill," he said.
Image credit: Ivan Kwiatkowski