Bob was enjoying his morning coffee while catching up on his email. Suddenly, Bob realized he hadn’t gotten any new messages for two days. He clicked the send/receive button several times but still didn’t get any new messages. Bob’s email address was provided by his ISP (Internet Service Provider) so he grabbed his latest bill and gave them a call. After talking with the support agent for several minutes they were unable to find a problem. The agent found Bob’s connection was working fine and that his email address was working correctly at the company, so the issue must be with Bob’s computer. The agent asked Bob what program he was using to access his email. Bob was using Windows Live Mail, so the agent says he will give Bob the number for Microsoft Support. Bob is frustrated that the support agent couldn’t fix his problem but at least the agent helpfully provided a number to call to fix his issue. After hanging up with his ISP support agent, Bob calls the number he was given.
A nice man answers on the first ring, “This is Jimmy with Microsoft Support, how can I help you?” Bob is a bit suspicious as “Jimmy” clearly has a foreign accent, he also has trouble hearing Jimmy because of all the voices in the background. But because his ISP agent gave him this number and since so many companies use overseas call centers, Bob puts his suspicions to rest and explains his problem to Jimmy. The first thing Jimmy does is use a remote support tool to connect to Bob’s computer. Jimmy then proceeds to show Bob all kinds of technical readouts and explains to Bob the reason his email isn’t working is because of all these errors and viruses his computer has. Bob is surprised by this because aside from his email, everything else was working fine. He also had his computer serviced at a local shop just a few months ago and was given a clean bill of health. Bob explains this to Jimmy, who then continues to dazzle Bob with all of these problems and how if Bob wants his email to work then all of these issues must be fixed. Bob really needs his email working so he tells Jimmy to get it fixed. More technical details flow across the screen, scans are run and a short time later Jimmy says everything is fine. He then tells Bob his repairs cost $399. Bob is amazed that such a simple thing could cost so much and again suspects he might be getting scammed. Jimmy calms his fears and assures Bob that in addition to everything being fixed, he also receives free technical support for a year and free antivirus as well. Bob is still dubious but agrees to pay. Rather than take his credit card details though, Jimmy says Bob will need to go purchase some Apple iTunes gift cards for payment. Bob runs down to the dollar store, buys the gift cards and calls Jimmy back to give him the card numbers.
Our friend Bob has just been scammed. The scary part? It was because he was referred to a scammer by someone he trusted.
When I first heard one of these stories, I thought perhaps the support agent had made an innocent mistake. Perhaps he felt bad that he was unable to help his customer and simply ran a web search for Microsoft Support and gave his customer the first number he found. Unfortunately, the number went to a fake support company and his customer paid the price. The sad reality however, is that in most of these cases the support agent is deliberately referring people to these scammers for money.
I spoke with some of my peers who work in IT security and asked them if they had seen a similar trend. Not only have they encountered it, some of them have even been approached by these scammers for assistance!
Here’s how this terrible incident comes about. Like any business, scammers need customers. Since they have no scruples they will use any means to get them, including lying, cheating and intimidation tactics. In addition to fake popup ads and random cold calls, scammers have taken to paying referral fees to people who send fresh victims to the scammers. Support agents working for legitimate companies make excellent sources. They are trusted by the victim (often implicitly) and they handled tens if not hundreds of calls each shift. This means they can greatly increase the scammers profitability. Scammers pay handsomely for such referrals, ranging from $20 to $50 per victim. This makes it a very tempting offer; the referring agent can make large amounts of money via referrals in addition to their regular paycheck.
How To Protect Yourself
Before calling an unknown company and giving them access to your computer, consider contacting a local support company about your issue. Not only will you be able to work with a real person in your area, but the costs will likely be far lower. You will also be supporting a local business, perhaps even your neighbor.
What To Do If You Are A Victim
If you’ve fallen for this sort of scam, there are several steps you should take. First, if you used a credit or debit card for payment, contact your financial institutions to report the charge. Second, contact your service provider’s regional management team and give them the details of your call to their support center. This will allow them to track down the agent responsible. Third, you can report the incident to the Federal Trade Commission’s Complaint Center at https://www.ftccomplaintassistant.gov.
If you need assistance contacting either your service provider or the FTC, please contact Yellowstone Computing and we will be happy to help!