2016 saw a lot of different types of scams prey on unsuspecting users. Some achieved greater prevalence than others. One of those was the tech support scam, a ruse where a fraudster calls a victim while impersonating a customer support representative from a well-known technology company. They tell the victim their computer is infected with malware and that they must purchase specific software to fix the problem. In the best case, this software does absolutely nothing but robs the victim of hundreds of dollars. In the worst case, it’s malware that enables the representative to retain access to the victim’s computer.Just like other aspects of digital security, tech support scams aren’t static creatures; they’ve evolved over the years. We’ve seen some ploys behave like ransomware. Others have impersonated a victim’s Internet Service Provider. And others still have abused vulnerabilities to create a denial of service condition, thereby crashing victims’ machines.After years of helping victims recover from these dynamic threats, security researchers have had enough with tech support scams. It’s therefore no wonder some of them are coming up with ways to combat fraudsters who perpetrate these artifices onto others. Not unlike what [email protected] does with email spammers, most of these methods aim to waste scammers’ time. Those that succeed often do so quite creatively.Let’s look at one of these anti-tech support scam initiatives.“Could You Start Over?”Jolly Roger Telephone Company isn’t like other telephone providers. This entity specializes in creating bots that blend artificial intelligence and pre-recorded phrases together all for the sake of “talking” with inbound telemarketer scammers. In most cases, the bots waste several minutes of the scammers’ time before the fraudsters catch on and disconnect.Here’s how Jolly Roger characterizes its services:“These merciless organizations have technology on their side with robotic auto-dialers, robotic soundboards, and an array of other tools …but they have no morals. Their weak spot is that they need human agents to talk to you when you answer. So the only way to stop this intrusive industry is waste their precious human resource – to hit them in the ‘cost of labor’. Now by subscribing to the Jolly Roger Telephone Co. you can get help rid the world of telephone scammers!”Every bot appears to follow a predesigned formula. When the scammer doesn’t talk for a certain period, the bot will produce a pre-recorded “Hello?” phrase. This has a bonus of making the fraudsters think their victim can’t hear them. Alternatively, when the scammer talks, the bot usually responds with a “Yes,” “Mhm,” or similar phrase designed to convince the fraudster they are engaged in the conversation. The AI occasionally mentions “computer viruses” and other problems to keep the telemarketer on the hook. But just as frequently, the bot mentions some distraction that supposedly prevented them from concentrating and requests that they start over, setting the whole process in motion again from the beginning.Here’s a transcript of one of the calls recorded by Jolly Roger:“How can I help you?”
“Sir, you called me. Is there anything else I can help you with?”
“Yes, tell me.”
“Hang on a second. Hang on. There’s a bunch going on here. Hang on. Okay, sorry. Go ahead. Who’s this? What are you calling about again?”
“I’m not calling you. You’re calling me, sir. You’re talking to a Microsoft certified technician. I’m an online technician.”
“Yes, how can I help you?”
“You know, I was having trouble concentrating because you sound exactly like someone I went to high school with. Sorry say that part again.”
“I said, ‘May I know the reason of your call?’”
“Yes, why did you call me?”
“Thank you very much for your wasteful time. Thank you.”
“Okay. Sure. Hello? Hello? Hello? …”Those random interjections take many forms. Sometimes they’re short and commonplace, such as when the bot discusses the weather or recalls a family vacation. Others are more dramatic and drawn out. In one call, the bot says they didn’t hear a word the scammer said because they were “tripping out” while looking at a candle flame. During another call, it sounds like the bot is a mother who’s fighting with her teenage daughter.And then there’s the “bee thing” that one bot brought up:“Why did you dial my number?”
“Oh geez, hang on. There’s a bee on me. Hang on. There’s a bee on my arm. Okay, you know what? I’m not going to talk. You keep talking. Say that part again, and I’m just going to stay quiet because of this bee. It’s totally crawling up my arm. It’s crawling on my arm. It’s freaking me out. But it’s not mad. I guess it’s okay. Anyway, so sorry. You keep talking. Go ahead. Keep talking. Okay, it’s gone. Okay, so you know when I said I was listening to you during the bee thing? Actually, I was just concentrating on the bee. Sorry, could you start over? What were you saying during the bee? Mhm.”
“Sir, are you talking to me?”As would be expected, the scammers’ initial politeness doesn’t take long to turn into something else. Some get annoyed, raise their voice, and demand why the person is calling. Others mock the bots with mimicry or curse the caller outScamming the ScammerInterested users can purchase a “subscription” to Jolly Roger. If a scammer calls them, they can forward the number to the company, which will respond with a bot. Jolly Roger will then send over a transcript and an audio recording of what transpired. Users with a little more disposable income (around $180) can even pay to record with Jolly Roger as a new bot.
For its part, Jolly Roger Telephone Company will no doubt improve upon its service. Some have suggested that the bots incorporate common Microsoft support issues to further bait the fraudsters. Observing how the fraudsters respond to those prompts could help Jolly Roger build better scripts for the future.Jolly Roger has also vowed to prevent its technology from falling into the wrong hands. We thank them for that and can’t wait to see how these bots evolve over the next few years.Do you have a funny story involving a tech support scammer? If so, let us know in the comments!