What is support fraud? The reality of the damage, from warning screens to sophisticated techniques and remote control, and effective countermeasures.

Published July 30, 2025

In recent years, cybercrime has become increasingly sophisticated as digitalization advances, seriously affecting individuals and businesses. Among these crimes, malicious "support scams," in which victims are tricked into paying money by someone pretending to provide support for computer problems, are claiming a rapidly growing number of victims. These scams are also called "technical support scams" or "tech support scams"; the number of victims is growing worldwide and continues to grow in Japan as well.

This section provides a detailed explanation of the definition of support fraud, its sophisticated techniques, the current status of damage and social background, and specific countermeasures that companies and individuals should take.

What is support fraud? Basic Definition and Purpose

A "support scam" is a type of fraud in which the perpetrator pretends to offer technical support through "fake error messages" or "fake help desk advertisements" that pop up on a web page. The victim is led to believe that there is a "false problem" (e.g., a malware infection) with their computer or mobile device, and is then asked to pay money in exchange for solving that "false problem."

The money is generally exchanged in the form of gift cards, which are difficult to trace and lack consumer protection. Cryptocurrencies and bank transfers are also sometimes used. The Metropolitan Police Department defines support fraud as "fictitious billing fraud," a special fraud technique.

Sophisticated methods of support scams and how they are deployed

Support scams are deployed using various confidence-trick techniques, such as social engineering.

Step 1: Inducement

The user is directed to the "support scam" website through various channels.

Fake pop-up ads

Through virus-infected websites or cybersquatting (forgery of legitimate sites), scammers display pop-ups that resemble legitimate error messages, such as a blue screen, and freeze the web browser.

Telemarketing

Sometimes these are done by robocalls posing as legitimate companies, such as Microsoft or Apple.

Search-based advertising

Scammers buy keyword ads on major search engines for terms such as "Microsoft Support" to direct the user to a web page containing the phone number of the fraudulent organization.

Step 2: Trust

The victim is asked to download and install a remote access program such as TeamViewer or AnyDesk to help resolve computer problems remotely. These programs give the scammer control of the device.

Once the device can be operated remotely, the criminals convince the victim that the computer has a problem that needs to be fixed by using the following techniques:

Step 3: Remote Control

They point to Windows Event Viewer logs (notifications that actually have little impact) and claim a "malware infection" or that "repair is needed."

They pretend that the contents of Windows Prefetch folders, attachment folders, etc. are "evidence of malware" and that the garbled text shown when harmless binary files are opened in Notepad is "evidence of file corruption." They may also claim that disabled Windows services are evidence of a system problem.

They may have the victim run a file-listing command or other command at the command prompt (cmd.exe) and type in error messages under the guise of a "malware scan."

Step 4: Fraud

The attacker points to registry values or Windows feature UUIDs, falsely claiming that they are device-specific security IDs, and demands an "update fee".

If the victim refuses to pay, the criminals may resort to theft, fraud, extortion, and even criminal threats. They may also lock the device, rendering it unusable, and force payment.
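A defender-side illustration of Steps 2 and 3, added here and not part of the original article: it correlates constructed process-creation events to flag a remote access tool run from a Downloads folder that is followed shortly afterwards by the "evidence" props described above. The event format, the Downloads-path heuristic, the 30-minute window and the prop names are assumptions.

```python
from datetime import datetime, timedelta

REMOTE_TOOLS = ("teamviewer", "anydesk")   # tools named in Step 2
WINDOW = timedelta(minutes=30)             # assumed correlation window

def stage_prop(path, cmdline):
    """Map a process launch to the Step 3 'evidence' prop it matches, or None."""
    name = path.lower().rsplit("\\", 1)[-1]
    cmd = cmdline.lower().rstrip('"')
    if name == "eventvwr.exe" or cmd.endswith("eventvwr.msc"):
        return "event_viewer"
    if name == "cmd.exe":
        return "cmd_prompt"
    if name == "notepad.exe" and cmd.endswith((".exe", ".dll", ".pf")):
        return "binary_in_notepad"
    if "\\windows\\prefetch" in cmd:
        return "prefetch_browse"
    return None

def find_scam_sessions(events, min_props=2):
    """Return (host, tool_start, props) for each freshly downloaded remote
    access tool followed within WINDOW by >= min_props distinct props."""
    alerts = []
    for ts, host, path, _ in sorted(events, key=lambda e: e[0]):
        p = path.lower()
        # Assumption: a tool run from Downloads was not deployed by IT.
        if not (p.rsplit("\\", 1)[-1].startswith(REMOTE_TOOLS) and "\\downloads\\" in p):
            continue
        props = {stage_prop(n, c) for t, h, n, c in events
                 if h == host and ts < t <= ts + WINDOW} - {None}
        if len(props) >= min_props:
            alerts.append((host, ts, sorted(props)))
    return alerts

def _e(ts, host, path, cmd=""):
    return (datetime.fromisoformat(ts), host, path, cmd)

# Constructed process-creation events: (time, host, image path, command line).
SAMPLE_EVENTS = [
    _e("2025-07-01T10:02:00", "PC-01", r"C:\Users\a\Downloads\AnyDesk.exe"),
    _e("2025-07-01T10:05:00", "PC-01", r"C:\Windows\System32\mmc.exe",
       r'mmc.exe "C:\Windows\System32\eventvwr.msc"'),
    _e("2025-07-01T10:09:00", "PC-01", r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    _e("2025-07-01T10:12:00", "PC-01", r"C:\Windows\System32\notepad.exe",
       r"notepad.exe C:\Windows\System32\kernel32.dll"),
    # IT-managed install outside Downloads plus ordinary admin work: no alert.
    _e("2025-07-01T11:00:00", "PC-02", r"C:\Program Files\TeamViewer\TeamViewer.exe"),
    _e("2025-07-01T11:03:00", "PC-02", r"C:\Windows\System32\cmd.exe", "cmd.exe"),
]
```

Requiring at least two distinct props after the tool launch keeps a lone command prompt or Event Viewer session from raising an alert on its own.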

Why is there no end to support fraud? Origins and Social Background

Support scams have been known to occur as far back as 2008; a 2017 study found that 85% of IPs used in scams were from India, 7% from the United States, and 3% from Costa Rica.

It is reported that job seekers are often lured into support scam jobs, especially in India, where employment is scarce. Many job seekers are initially unaware that they are involved in fraudulent work, and even when they realize the nature of the work, they often continue to be involved in the crime because they feel it is too late to quit.

Actual Damage Caused by Support Fraud and Cautions for Japanese Companies

According to a police survey, the number of support fraud cases in Japan had reached 1,524 by 2024, with total damage as high as 1 billion yen. In addition, there were just under 1,800 consultations between April and June of 2024, a record high.

Trend Micro reported that support fraud sites were accessed from Japan more than 9 million times during 2023, and inquiries to support centers reached 1,665 in the fourth quarter of 2023, a 3.5-fold increase from the same period of the previous year and the highest number ever recorded.

Millennials and Generation Z are said to have the highest rate of encountering support fraud, but the highest rate of actual victimization is said to be among seniors aged 50 and over, who have low IT literacy.

Companies need to be aware of the potential for serious damage such as leakage of confidential information, unauthorized access to internal systems, and work stoppages if their employees fall victim to support fraud. To combat increasingly sophisticated support fraud from both corporate and individual perspectives, it is important to improve organizational cooperation and individual literacy.

Organizational measures and cooperation with law enforcement

Microsoft and Google are working to eliminate fake technical support ads by limiting related ads, implementing new verification systems, and taking legal action against fraudulent organizations.

In addition, Microsoft's Digital Crime Unit (DCU) works closely with international law enforcement agencies such as the Japan Cybercrime Center (JC3), the National Police Agency (NPA) of Japan, and the Central Bureau of Investigation (CBI) of India to uncover international fraud networks.

DCU is moving to a strategy of targeting the entire fraud ecosystem (pop-up creators, SEOs, payment agents, talent suppliers, etc.) and neutralizing the top organizational structures and technology infrastructure itself.

To counter criminals who are leveraging generative AI to increase the scale of their scams, the DCU is stepping up its use of AI and other cutting-edge technologies.

Support fraud countermeasures that individuals can take

Companies such as Microsoft and Apple do not send emails or make phone calls without notice for the purpose of seeking personal or financial information. Nor will they contact you in the name of technical support to fix a problem with your computer.

If a fraudulent screen appears on your computer or phone, it is important not to call the number hastily and to try to close your browser (e.g., press and hold the ESC key).

Cybercrime Prevention by FRONTEO

FRONTEO is a pioneer in the legal tech AI industry, having provided e-discovery support in international litigation and fraud investigation (forensics) services for domestic companies since its establishment in 2003.

Our proprietary AI engine, KIBIT, learns from the experience, wisdom, and senses of experts and extracts meaningful and important information from a vast amount of data to support high-level decision making. In e-discovery and digital forensics in international litigation, KIBIT contributes to significant efficiency and quality improvement in the review process of finding documents related to evidence from vast amounts of data. As a pioneer in legal tech utilizing AI technology, we have also been supporting corporate cybersecurity measures for many years. We have a wealth of cybersecurity-related forensic and information security investigation cases, including investigations of personal information leaks due to malware infection and operation log investigations related to the removal of confidential corporate information.

With regard to support fraud, we also provide a speedy response based on the know-how we have cultivated through forensic investigations and cybersecurity measures. If you have received a support fraud pop-up message or installed a suspicious application, please contact us. We will provide you with appropriate assistance to determine the extent of the damage and how to respond.