Dial One for Scam: A Large-Scale Analysis of Technical Support Scams

TL;DR

This paper presents a comprehensive analysis of technical support scams, revealing their infrastructure, prevalence, and tactics through large-scale data collection and direct interactions, offering insights for countermeasures.

Contribution

First systematic study of technical support scams combining automated discovery, analysis of infrastructure, and direct scammer interactions, providing new insights and countermeasure proposals.

Findings

Identified malvertising as a major exposure vector.

Discovered hundreds of scam-related phone numbers and domains.

Gained detailed understanding of scammer tactics and infrastructure.

Abstract

In technical support scams, cybercriminals attempt to convince users that their machines are infected with malware and are in need of their technical support. In this process, the victims are asked to provide scammers with remote access to their machines, who will then "diagnose the problem", before offering their support services which typically cost hundreds of dollars. Despite their conceptual simplicity, technical support scams are responsible for yearly losses of tens of millions of dollars from everyday users of the web. In this paper, we report on the first systematic study of technical support scams and the call centers hidden behind them. We identify malvertising as a major culprit for exposing users to technical support scams and use it to build an automated system capable of discovering, on a weekly basis, hundreds of phone numbers and domains operated by scammers. By allowing our system to run for more than 8 months we collect a large corpus of technical support scams and use it to provide insights on their prevalence, the abused infrastructure, the illicit profits, and the current evasion attempts of scammers. Finally, by setting up a controlled, IRB-approved, experiment where we interact with 60 different scammers, we experience first-hand their social engineering tactics, while collecting detailed statistics of the entire process. We explain how our findings can be used by law-enforcing agencies and propose technical and educational countermeasures for helping users avoid being victimized by technical support scams.