User trolls “tech support,” sends Locky ransomware



You may have received one of those phone calls from “tech support” insisting that your system is corrupted and needs attention. More often than not the caller claims to work for Microsoft, or with Microsoft, in the hope that the name will make the pitch believable. Before we move on, it is important to understand that Microsoft does not make unsolicited calls about your personal system or its status. Microsoft issues updates, security patches and fixes through Windows Update, and that is as much direct interaction as you will get from them. An unsolicited call that asks you to install remote-access software or read out payment details is a scam, whatever company name it uses.

The “tech support” scam appears to be quite lucrative for these thieves, and they are well practised in social engineering: they can usually tell quickly whether they have a promising target, and just as quickly whether they have been found out. One user decided to call the scammers back after his parents had dealings with them, and to mess with them for a bit. We have all seen the better YouTube videos in which IT folks troll “tech support” by giving them the run-around and going in circles with them (one such video was embedded in the original post). That is exactly what this user did, but to go one better he sent the scammers a Locky ransomware sample while they were trying to get his credit card number to go through. In his own words:

In the end, I suggest using my second credit card and give him another random yet valid (as far as the Luhn algorithm is concerned) number. Dileep makes me repeat both payment details at least ten times and I play dumb. He calls his superior in the hopes of figuring out why the payment isn’t going through. In the meantime, I hear other operators in the background repeating credit card numbers and CVVs aloud. I’m assuming they’re not PCI-DSS compliant. That’s when I’m hit by a stroke of genius. I open my “junk” e-mail folder where I find many samples of the latest Locky campaign – those .zip files containing a JS script which downloads ransomware. I grab one at random, drag it into the VM. The remote-assistance client I installed has a feature allowing me to send files to the operator.

We cannot be certain that Locky actually ran on the “tech support” representative’s computer, but it is good to see someone at least trying to discourage these scams. If you are a casual user, though, we strongly recommend that you simply ignore these calls if you get them. Never allow anyone to connect remotely to your system unless you know for certain who they are, and remember that there is no “tech support” calling you out of the blue unless you have specifically signed up for such a service with a named provider.

Do you have any funny “tech support” stories? Let us know in the comments below or on Twitter, Facebook and Google+.

  Source: Borderline