Faking out fake tech support

A few years ago, a criminal gang in India was making easy money off tech-illiterate people in Europe, Australia, and Great Britain. They did quite well until they encountered Kaspersky Lab’s David Jacoby and, later, the Crime Investigation Cell of the Indian Police.

The scenario should be familiar to our readers: Criminals called random landline phone numbers during the day. They introduced themselves as representatives of a large, well-known software vendor and convinced victims that something was wrong with their PCs. People who knew little about computers took the bait.

To convince their victims, the fake technical support specialists sometimes told them that malware was slowing down their devices. They also asked the victims to enter a DOS command — verify — to check if there were any problems with their software license. When this did not work (of course it didn’t; that’s not how you verify an operating system license), the crooks claimed that the license was fake.

Next, they asked their victims to install a remote administration tool, which gave them access to the victim’s PC and let them install software to (allegedly) fix the (fake) problem. Finally, the criminals requested money for the services they had provided and promised lifetime technical support, free security tools, and other perks that were too good to be true. In some cases, the criminals even taught their victims how to use PayPal to pay for the help.

Naturally, the fake tech support reps did not solve any problems (if the victims even had problems), and the software they installed had zero useful functions. This scheme worked surprisingly well and yielded millions of dollars for the criminals.

One clever aspect of the plan was calling landlines during the day, expecting to find mostly older, retired people who might be less computer savvy. But nowadays, many technologically advanced people work from home, and many of them even use landline phones. One such person is our senior security expert, David Jacoby.

Fed up with continual phone calls from fake technical support, Jacoby decided to play along one day, allowing the criminals to connect to a virtual machine running on his PC — so that he could see what they planned on doing and capture evidence. He precisely followed the criminals’ instructions until they asked for a payment — $250. Then he told them his credit card didn’t support online payments.

He convinced the criminals to visit a website, which he had set up in advance, where he said a friend had stored data for another credit card. In fact, the site contained nothing but one line of text, but when the criminals went to the site, the Web server logged their data, which gave Jacoby their IP and e-mail addresses. He already had their phone numbers and PayPal account information. All of that was immediately shared with PayPal’s technical support service and the Indian police.

All’s well that ends well

It was four years ago that the unlucky scammers called David Jacoby (you can read more about it in his own blog post). And today we have a reason to dust this story off: eight criminals responsible for the scam were finally arrested by the Cyber Crime Investigation Cell of the Indian police force.

To fight cybercrime effectively, law enforcement and cybersecurity experts must cooperate. Software companies do not have the power or authority to arrest criminals, and law enforcement agencies need our professional expertise and data.

The Kaspersky Lab team hopes we will have more opportunities to cooperate with law enforcement agencies in different countries. In fact, we have another story in the works, of catching a band of criminals and saving their victims. Stay tuned!
