
Ransomware, Support Scams, and Old-School 419s

Posted by David Harley on October 21, 2016.

In the age of ransomware, it’s easy to forget that other attacks, such as tech support scams and the venerable (but not venerated) 419 advance-fee fraud, have not disappeared. They’ve simply become less glamorous and so attract less media attention. It’s hard to say to what extent improved email filtering (relevant to 419s, which arrive by email, rather than to support scams, which mostly arrive by phone) and the copious warnings from the security industry to its customers have reduced their effectiveness.

Tech support scams have clearly not gone away, though they have continued to evolve. I’m not going to go over ground I’ve already covered on this site (Tech Support Scams: a Beginner’s Guide), but they’re clearly still happening and still effective enough to make money for somebody.

For example, Malwarebytes CEO Marcin Kleczynski was quoted at length by Steve Melendez in an article suggesting an increasing convergence between tech support scams that use malware and outright ransomware: Tech Support Scams Are Getting More Sophisticated. A Malwarebytes researcher was quoted anonymously as saying that ‘We’re going to see more aggressive techniques … In particular, I wouldn’t be surprised if they started using ransomware and encrypting people’s files.’ That’s speculative, of course (though I suspect it comes from a particularly knowledgeable individual), but there really has been convergence in some respects, and in any case Malwarebytes has published consistently useful work on support scams (and much else). The article also covers a number of other aspects of this corner of the threat landscape. Kleczynski makes the point that there is an important distinction between ransomware and support scams: a ransomware victim knows immediately that something has gone wrong, whereas a support scam victim may never realize they’ve been scammed. It may be true, as the article also suggests, that some scam callers aren’t fully aware that they’re scamming, but I’ve talked to plenty who clearly were.

Meanwhile, a study by Microsoft yields some interesting statistics on the proportions of tech support scam victims in various parts of the world, as well as some generational differences. For instance, while many British people are still ‘enjoying’ contact with support scams, only two percent are reported to have lost money in the last year, compared with 22 percent of Indian respondents and 21 percent of US respondents who encountered a scam. Across the world, around 13 percent of people in the 18-24 age group are reported to have lost money to online or telephone scammers, compared with only three percent of over-65s. In personal terms, I take this to mean that I’m unlikely to lose money, but my blood pressure is at risk.

I mentioned earlier that improvements in email filtering may have had some impact on the effectiveness of 419s (as they have on other email-borne threats, of course). If nothing else, it means that they are seen far less often in the Inbox, though it’s not unusual to find them lurking in spam folders and ‘infected items’ quarantines. However, it seems likely that scammers send out large enough volumes of email that even a very low response rate remains profitable.

Then again, the type of scam that we usually call a 419 goes back to a time long before the Internet and email, the fax, or even regular postal services. More recently, such scams have spread through other electronic channels such as social media. And only today, I found a comment on one of my articles for ESET that plainly represents a kind of ‘reloading scam’, in which previous victims are targeted a second time: the scammer suggests that a fund has been set up to compensate victims and offers a contact point for it. Variations on this theme normally use the classic ‘Advance Fee Fraud’ ploy: after the victim responds, it turns out that the ‘payment’ is conditional on the payment of certain fees, which are pocketed by the scammers. Of course, there will be no compensation payment.

David Harley

2 thoughts on “Ransomware, Support Scams, and Old-School 419s”

  1. Martin Naydenov said:

    Could you give me advice as to how to remove the ransomware that I have at the moment. I just caught a virus that turned all my files into .shit extensions.

    • This is a variation on Locky. To the best of my knowledge, there is no reliable free decryptor available at this time, though there seem to be quite a few sites claiming to be able to offer decryption. I’m not going to list them, as I’m not in a position to check them all.


Submitted in: David Harley