If your computer starts beeping and tells you to call technical support, chances are you are the victim of a scam. This is just one of many deceptive tricks Dr. Nick Nikiforakis, an assistant professor in Stony Brook’s department of computer science, discussed during his “Why Hack When You Can Scam” lecture on Saturday, Oct. 14 in the new Computer Science Building.
An author of the paper “Dial One for Scam: A Large-Scale Analysis of Technical Support Scams,” Nikiforakis shared how cybercriminals try to convince users that their computers are infected and in need of costly technical support.
Unlike hacking, where the vulnerabilities of programs are exploited, scamming relies more on social engineering, Nikiforakis said. “Scamming actually does not attack the program, it attacks the person behind the program.”
Every year, tens of millions of dollars are lost due to technical support scams, Nikiforakis said. His study focused on one type of scam: web-based malicious ads, where web pages are disguised as warning messages from the operating system.
“These will be pages that will tell us we have viruses, malware, problems,” he said. “Our disk will be deleted unless we call the number right now and be connected to technical support.”
Technical support scam pages often imitate the themes of computer systems, browsers and antivirus software, sometimes with red and blue backgrounds behind official-sounding messages with fabricated error codes telling users to call toll-free numbers, Nikiforakis said.
Sometimes audio is incorporated into scam pages to lure in unsuspecting users. A “security message” complete with high-pitched beeping noises will play, urging victims to call the number provided. Once users fall into the trap and call the number, scammers will tell them to go through system diagnostics. From there, the perpetrator will try to convince users that they have found problems with their computer, and that the only way to solve them is to pay for services ranging from $69 to $1,000, Nikiforakis said.
His advice for the audience was to switch from browsers like Internet Explorer to more modern ones, like Chrome or Firefox. He also suggested installing AdBlock browser extensions. He noted that trusted websites could be whitelisted using such extensions, which would allow them to display advertisements.
“If you’re exposed to a technical support scam, if your computer starts beeping and saying things and showing you windows, the first thing you should do is not panic,” he said. “There’s very little that these websites can do on your computer unless you help them do it.”
If stuck in a situation like this, he suggested closing the web page or browser, and restarting the computer after saving all unsaved work.
Sanjay Singhal, a Stony Brook alumnus and the chief operating officer of a satellite and terrestrial company called SintelSat, said that he is interested in human elements of cybersecurity, including threats that come from within the organization.
“Out of every scam, you know there’s somebody, a person, or a group of people who are doing that scam, right?” Singhal said. “It’s not the computer who decides to scam you one day… until we get to that next stage of robotics.”
Scams are not attacks on machines, Nikiforakis said. Instead they are attacks on humans.
“Because the person is typically the weakest link in the system.”