Skip to main content

Distinguished Seminar:  Dial One for Scam - A Large-Scale Analysis of Technical Support Scams

Date:March 27, 2017 
Talk Title:Dial One for Scam - A Large-Scale Analysis of Technical Support Scams
Speaker:Nick Nikiforakis, Assistant Professor, Stony Brook University
Time & Location:12:00pm - 1:00pm
DEC, CIC Building, Pittsburgh

Abstract

In technical support scams, cybercriminals attempt to convince users that their machines are infected with malware and are in need of their technical support. In this process, the victims are asked to provide remote machine access to the scammers, who will then "diagnose the problem", before offering their support services which typically cost hundreds of dollars. Despite their conceptual simplicity, technical support scams are responsible for yearly losses of tens of millions of dollars from everyday users of the web.

In this talk, we report on the first systematic study of technical support scams and the call centers hidden behind them. We identify malvertising as a major culprit for exposing users to technical support scams and use it to build an automated system capable of discovering, on a weekly basis, hundreds of phone numbers and domains operated by scammers. By allowing our system to run for more than 8 months we collect a large corpus of technical support scams and use it to provide insights on their prevalence, the abused infrastructure, the illicit profits, and the current evasion attempts of scammers. Finally, by setting up a controlled, IRB-approved, experiment where we interact with 60 different scammers, we experience first-hand their social engineering tactics, while collecting detailed statistics of the entire process. We explain how our findings can be used by law-enforcing agencies and propose technical and educational countermeasures for helping users avoid being victimized by technical support scams.

Speaker Bio

Dr. Nick Nikiforakis (PhD'13) is an Assistant Professor in the Department of Computer Science at Stony Brook University. He is the director of the PragSec lab where students conduct research in all aspects of pragmatic security and privacy including web tracking, mobile security, DNS abuse, social engineering, and cyber crime. He has authored more than 40 academic papers and his work often finds its way to the popular press including TheRegister, SlashDot, BBC, and Wired. His research is supported by the National Science Foundation and the Office of Naval Research and he regularly serves in the Program Committees of all top-tier security conferences.