When Scammers Fill the Tech Support Void

Who hasn’t spent an hour or two searching for the contact information for tech support for an app or website we use regularly? We all have.

I still haven’t figured out why those companies that provide tech support tend to hide the connectivity to these saviors of their brand in the weeds of the website, but they do, and we search—and sometimes we strike gold.

Then there are those companies that simply don’t have tech support or limit their tech support to one avenue of approach—perhaps it is a web forum or a chat window. It is certainly economical to use online forums and chatbots as the means to engage. But some of us like to talk to humans and so we search for the phone number.

It should not surprise any that in those gaps of tech support lurks the underbelly of the internet ecosystem, where customers of entities big and small are getting hosed, taken and scammed by others.

How Filling the Tech Support Void Works

Martin MacDonald at WebMarketing School shared the example of the weaponization of the search engine results algorithm and Spotify. Spotify does not have a customer support number. Yet, when MacDonald went searching, one appeared. The “zero result” produced a result.

That number belongs to an unknown miscreant. I searched Spotify’s “About Us” page while writing this piece and see no telephone numbers provided. In this instance, MacDonald explained, the clever scammer searched for the number he or she wanted the search engine to detect—that search was within Spotify’s internal community, which is indexed by the search engines. And here is the result in the image below.

Security Boulevard - Tech Support Scam

This clever bit of algorithm manipulation isn’t limited to just companies. The good folks at LiveOverFlow noted that seeding a support number into SlideShare and other help/support forums continues at a rapid clip—again manipulating that black magic of search engine optimization (SEO) to get the unsuspecting to click and engage.

As you can see, in the above Tweet, an enterprising ne’er-do-well has seeded their toll-free number into a number of environments, and it shows up as a support number for iCloud, LinkedIn, SlideShare, Google and more.

What Can Companies and Services Do?

What can companies do to help their customers find their support path and not fall into the hands of criminals who are viewing those gaps as a continuous source of raw meat for the taking?

For one, companies should be clear, concise and unambiguous. Instead of simply not having a phone number or email address for confused customers/clients, make it clear that no number exists. In big letters! “We do not have a telephone support line, we support you with …”

And perhaps most importantly, companies shouldn’t hide the ways and means by which customers can contact them. That little bit of assistance may be the ticket to a long-term relationship with their customers.

What Can Users Do?

The Internet Crimes Complaint Center noted that in 2017, “… the IC3 received approximately 11,000 complaints related to tech support fraud. The claimed losses amounted to nearly $15 million, which represented an 86% increase in losses from 2016.” Contact the IC3 should you believe you have been a victim or if an attempt has been made to defraud you. Your input weaves its way into the information the IC3 shares widely.

Featured eBook
Automating Open Source Security: A SANS Product Review of WhiteSource

Automating Open Source Security: A SANS Product Review of WhiteSource

Many sources indicate that 60–80 percent of code in applications today is based on open source components. This open source code often includes vulnerabilities that, if not managed properly, can expose organizations to potential breaches. This paper takes a close look at how WhiteSource can automate the process of open source component vulnerability detection, remediation, ... Read More
WhiteSource

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 68 posts and counting.See all posts by burgesschristopher

One thought on “When Scammers Fill the Tech Support Void

Comments are closed.