Posted by David Harley on June 23, 2014.
DVLUP is a programme (about which I know next to nothing, as app development isn’t my thing) for – ummm, app developers. Richard Hay here mentions that a cold-caller ostensibly from the programme and asking for feedback may actually be hoping to harvest some sensitive personal data from him, and believes that this human trojan horse may be from the same stable as the far more common tech support scams I’ve so often discussed in various corners of the security universe like this.
It’s kind of interesting, but the link with tech support scams seems a little tenuous, or at least highly speculative. Yes, support scammers (usually based in India) do often claim to represent or be associated with support scammers, but Hay observes that the caller to whom he spoke didn’t have a foreign accent.
More to the point, perhaps, support scammers try to exploit the lack of technical knowledge of the many millions of everyday computer users out there to sell them software/services they don’t need. Harvesting data from a comparatively small population of technically sophisticated users – I presume most app developers are generally knowledgeable about computers and operating systems! – is an altogether different ballgame. And it’s by no means proven that ‘Maddie’ actually was attempting some kind of scam: Hay is assuming that it’s a possibility because the phone went dead when he asked her to verify that she was calling from Microsoft/Nokia/DVLUP.
I’m not saying he’s wrong, and if Maddie was a scammer, I can’t say there’s no connection between what she’s doing and the classic tech support scam, but there isn’t really enough evidence here to support that contention.
Still, it’ll be interesting to see if any further information about scams specifically targeting developers hits the radar in the future.
Small Blue-Green World