Thursday 25 September 16:00 - 16:30, Red room.
Jérôme Segura (Malwarebytes)
Tech support scams have been going on for a long time, and despite all the attention they've received, they are only getting worse.
The classic fake Microsoft cold call is no longer the only technique used, as it is far more effective to have marks call with a problem.
Scammers are diversifying their personas using deceptive ads and pop-ups, phishing scams, and even targeted campaigns for special events such as the end of the tax season.
As the scams get more sophisticated (Mac OS and Android are on their list too), the risks for potential victims have increased. Documented instances show that while 'scanning' the computer for viruses, the crooks scrape any personal documents they can lay their hands on, opening the door for disastrous identity theft issues.
While education and awareness go a long way to reducing the number of victims, security researchers can help out too. This paper will show how to build your own honeypot to collect everything the scammers download on the machine and track their geolocation down to real-world coordinates - even when remote software logs are disabled or the connection is routed through a proxy.
Finally, I will present real intelligence collected using the previously described honeypot.
Jérôme Segura is a senior security researcher at Malwarebytes, where he specializes in tracking down malicious websites, general online threats as well as scams. He first became interested in Microsoft tech support scams when he received a cold call back in April 2013 while working remotely from home. Since then he has been documenting the various tricks crooks use and exposing companies involved in scamming innocent people. While law enforcement has taken action with some success many times before, Jérôme still believes the best solution to this problem is awareness. At the same time, as more people have become aware of these scams, there has been an increasing number of pranks played on the cold-callers. Besides the funny aspect of this, and the fact it is well deserved, it has made scammers eager to seek revenge and often resulted in them becoming even more aggressive. Beyond the technological tricks which can be amusing, there remains a human element and deep socio-psychological factors at the core of this scam, all of which Jérôme finds quite fascinating.