Computer expert Ivan Kwiatkowski infected technical support scammers with the Locky ransomware. The infection took place during a counterfeit “support session” initiated by the scammers. His actions were unexpected by the malicious users and show how a knowledgeable user can counter criminal actions.
Scammers and Their Tricks
This type of telephone fraud is one of the common tactics employed by malicious users. Social engineering is used on the users via cold calls or spam notifications in browsers. The scammers lure the victims into accepting counterfeit support services via remote desktop software. On the target computer they use various tricks in order to mimic serious hardware or security problems. The fake solutions and advice are then provided for a large sum of money. These scams are usually targeted at users who do not possess advanced technical knowledge.
The scammers typically state that they operate as support personnel from famous companies like Microsoft or Apple in order to fool the victims. Once a remote desktop session is initiated, the scammers may claim that event logs, system files and folders, and other information are infected or out of date. The solutions given often involve the download of counterfeit software or the installation of malware. The fake support staff charge the victims large sums of money in exchange for “fixing” their “detected issues”.
A Scam for the Scammers
The computer expert Ivan Kwiatkowski decided to fight back against the typical tech support scam by using the scammers' own methods against them. In order to present accurate conditions and not get infected by counterfeit software tools, he created a Windows XP virtual machine.
The scammers first directed Ivan to download an executable file containing a legitimate, digitally signed tech-support application. Once the program was installed, the “support agent” ran a simple directory listing command and reported to the “victim” that he had been hacked. Kwiatkowski was then asked to pay for removal of the “issue”.
Ivan then decided to fight back and prompted the scammer to download a file infected with the Locky ransomware. The successful social engineering attempt on his part managed to infect the scammers with one of the most famous pieces of ransomware on the Internet.
You can read Ivan’s complete description of the situation on his blog.
How to Protect Yourself from Support Scammers
In order to better protect yourself against fraudulent tech support and other types of malicious attacks, follow these security tips:
- Do not accept cold technical support calls, especially when you are not the one requesting support from technology companies.
- Ignore all banner popups and internet sites that promote technical support. Rely only on official channels offered by the software companies and hardware manufacturers that you trust.
- Always double-check whether the tech support that you receive is from an official source. The websites of the vendors give information on how you can contact support in case you need assistance.