Tech support scams: what are other people doing?

We’ve talked a lot about tech support scams over the past few years, typically focused on what we see ourselves, and the scammers who like to pose as Malwarebytes. But tech support scams are much bigger than that, targeting every tech company under the sun. So what are other people doing about it? Let’s take a look at some of the other players working to keep you safe.

IT Advocate

Independent researchers will occasionally conduct sting calls based on a combination of victim complaints and their own research. IT Advocate presents some of the most thorough research and professional videos in this genre, providing context to each company before they make the call.

Others who refer to themselves as “scam baiters” will present calls on YouTube, typically designed to waste the scammer’s time, or execute a practical joke. These are amusing, but also frustrating because they aren’t useful; most videos don’t disclose where they got the number, what their specific setup is, or any specific details on the company. IT Advocate, in contrast, focuses on collecting hard, actionable evidence that can be used in takedown requests to keep users safe. They publish fairly frequently and you can find their YouTube channel here.

An occasional problem defenders run into is how to effectively execute a takedown, in particular, an advertisement takedown for a fraudulent company. Scammers will register a corporate presence in the United States, set up several money mule accounts here as “payment processors”, and use US dollars to buy ads. As a result, it can be tough for an advertising company like Google to distinguish these ads from those of a legitimate tech support company. Fat Security is attacking this issue from an interesting angle, as you can see here. Rather than crowdsourcing victim reports, which can be vague or incomplete, they are crowdsourcing reporting – users who sign up will be informed of identified scams and how to report them to the proper authorities. The idea is that one researcher’s report can be ignored, but ten thousand users reporting the same scam demands a response. It’s a novel idea and we look forward to seeing how it turns out.

The Big’uns

Microsoft is arguably one of the most abused companies in a tech support scammer’s pitch. So how are they fighting back? They have extensive coverage of tech support scams in their blog, as well as a consumer education sheet with useful info here. (Here’s ours, by the way.)

What a lot of folks don’t realize is that they also have a reporting tool for victims and researchers to report a scam directly to them. When conducting threat analysis, more data tends to make for better judgments, so these types of reporting tools tend to yield good intelligence.

Symantec provides a public resource page here, as well as a reporting tool, although it appears to be a catch-all for abuse of their intellectual property.

TeamViewer is the tool of choice for scammers to gain access to your computer. Their resource page for victims here offers some good tips on how to secure your account if you have one and provides an email address to report fraudulent use of their product.

In short, there’s a wide range of researchers working hard to keep you safe from tech support scams, from the biggest names in the industry down to single individuals working as an avocation. The more of us who pitch in, the more likely it is that you won’t have to deal with a scammer. And if you’ve ever thought you were talking to Malwarebytes and gotten someone unsavory instead, please post to the comments below.

Some resources mentioned above:


William Tsing

Breaking things and wrecking up the place since 2005.