Symantec issued a report on Aug. 3 revealing that technical support fraud scammers are using call optimization services to improve their results. The new techniques come as the volume of tech support scams blocked by Symantec continues to grow.
Tech support scams come in multiple forms, including malware advertising where an ad shows up on a user's screen warning that they have been infected with malware and need to call a certain number to get help. Symantec researchers found that scammers are making use of call optimization services to inject local numbers into malware alerts, as well as providing additional features to improve call delivery.
"We were surprised to see scammers use legitimate optimization services for a couple reasons," Vikram Thakur, technical director at Symantec, told eWEEK. "First, it indicates the size of a specific scammer's operation spanning hired individuals in multiple countries; and second, it shows the scammer's brazen attitude toward using legitimate software platforms even though such vendors can be approached by legal entities."
Symantec noted in its research that organizations of all sizes have recognized the advantages of using call optimization services to improve their business, and now scammers are also finding benefits to using the same services. In addition to being able to dynamically inject a local number into a script, call optimization services provide a number of other features, including tracking calls and call analytics.
Tech support scams are a growing concern. At the end of March, the FBI's Internet Crime Complaint Center (IC3) reported that in 2017 it received 11,000 complaints about tech support fraud. Losses from tech support fraud in 2017 were reported at approximately $15 million, an 86 percent gain over 2016.
This year, Symantec is also seeing a high volume of tech support scams. Symantec reported that for the first six months of 2018, its intrusion prevention system (IPS) technology blocked more than 93 million tech support scams. Of those blocked scams, Thakur estimates that 5 to 10 percent may have used call optimization services.
Tech support scammers' use of call optimization services doesn't make Symantec's detection of scams any harder, according to Thakur.
"Such techniques don’t [have] any negative influence in our detection and blocking strategy," he said. "We don’t base our detection on the sole presence of the optimization code."
Symantec often shares purely technical information about malware with law enforcement bodies that request assistance, Thakur said.
"In the case of these scams using optimization services, law enforcement would be better served by being able to track usage rather than just shutting down the service," he said. "Regardless, we defer to law enforcement bodies on how to best utilize the malware’s shared technical information."
Symantec is constantly looking at ways to improve detection of scams as early as possible. Thakur said a vast majority of the scam pages are detected by Symantec's network protection engine, which is tuned to block web pages when certain conditions are met.
"This just means that the pages are blocked even before someone is presented with the scammer’s message in their browser," he said.
Thakur said Symantec has seen scammers continue to evolve their techniques, ranging from using encryption within their websites to now using call optimization services.
"We believe the scammers will continue to build and optimize their operations in the coming months," he said. "Symantec plans to continue keeping abreast of their developments to make sure end users are protected as best as possible."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.