A security researcher from France is giving cybercriminals a taste of their own medicine.
In a recent blog post, Ivan Kwiatkowski explained how he tricked a tech support scammer into installing ransomware.
Tech support scams — where hackers try to scam victims with a phone call, email or pop-up about a nonexistent problem that will cost a hefty sum to “fix” — tricked an estimated 3.3 million people in the U.S. last year and earned cybercriminals more than $1.5 billion, CNET reported on Tuesday (Aug. 16).
When Kwiatkowski’s own parents received the well-known scam, he decided to take matters into his own hands and teach the scammers a lesson.
According to CNET, Kwiatkowski used a virtual machine to fool the “tech support” representative at the phone number given to his parents. The person directed him to download a remote assistant that would provide the service rep with access to files on the virtual machine.
Soon after accessing the virtual machine, the rep began to encourage Kwiatkowski to pay $190 for software needed to “repair” the so-called “Zeus” virus infection that was “distributed only through Microsoft’s premium partners and Microsoft’s secure channels,” his blog explained.
“Oh, so I just have to get it from Microsoft.com, then?” Kwiatkowski asked the rep. To which she replied, “Yes,” and shortly after ended the call when it was clear Kwiatkowski wasn’t taking the bait.
Later on, Kwiatkowski called the scammers back and spoke with a different representative. When they tried to sell him the software package again, he began supplying fake credit card numbers.
“That’s when I’m hit by a stroke of genius,” he said in his blog post.
Kwiatkowski used a sample of the latest Locky ransomware and emailed it to the tech support representative, telling them that it was a picture of his credit card. The ransomware encrypted the files on the representative’s machine and also allowed Kwiatkowski to waste the scammers’ time, which he said was his main goal.
“Scammers don’t have the time to separate legitimate [victims] from the ones who just pretend,” he explained. “Their business model relies on the fact that only gullible people will reply.”