Over the years we’ve analyzed tech support scammers, including their tactics, infrastructure, front companies, payment mechanisms, and even how they hire. But one question that comes up frequently from security researchers is how a group of criminals who are, by most accounts, computer illiterate can set up tech support scams that require a hard minimum of technical expertise, troubleshooting, and maintenance.
How can a criminal so oblivious as to use his real name and cellphone to register a ‘company’ website be sophisticated enough to set up infrastructure handling ad network tracking, SEO cloaking, and payment processing? There are two main answers: first, a segment of the market for these scams genuinely believe themselves to be legitimate businesses (a sentiment that deserves its own separate blog post); second, the Scam in a Box.