5 Attachment(s)
Inside an International Tech-Support Scam
Inside an International Tech-Support Scam
How a computer hacker infiltrated a phone scam operation — exposing fraudsters and their schemes
One night that spring, his curiosity got the better of him. “It was part nosiness and part intellectual curiosity,” Jim said. “I'm a problem solver and I wanted to get to the bottom of what these people wanted.” So he returned one of the calls.
The person who answered asked if he could access Jim's computer to diagnose the problem. Jim granted access, but he was ready; he had created a “virtual computer” within his computer, a walled-off digital domain that kept Jim's personal information and key operations safe and secure. As he played along with the caller, Jim recorded the conversation and activity on his Trojan horse setup to find out what he was up to. It took mere moments to confirm his hunch: It was a scam.
Attachment 38339
Intrigued by the experience, Jim started spending his evenings getting telephone scammers online, playing the dupe, recording the interactions and then posting videos of the encounters on YouTube. It became, if not a second career, an avocation—after-dinner entertainment exposing “tech support” scammers who try to scare us into paying for unnecessary repairs.
Attachment 38340
Then one day in 2018, Jim's evening forays took an unexpected turn. A tech support scammer called from India and went through the normal spiel, but then he asked Jim to do something unusual: to log in to the scammer's computer using a remote-access software program called TeamViewer. Later on, Jim found out why: The developers of TeamViewer had discovered that criminals in India were abusing their software, so they temporarily banned its use from computers initiating connections from India. But there was a loophole: It didn't stop scammers from asking U.S. and U.K. consumers like Jim to initiate access into computers in India.
Hence, the scammer's request. The voice on the phone talked Jim through the connection process, then told him to initiate a “switch sides” function so the caller could “be in charge” and look through Jim's computer. Presented with this opportunity, Jim acted quickly. Instead of “switching sides,” he took control of the criminal's computer and locked the scammer out of his own computer. Lo and behold, mild-mannered programmer Jim Browning had complete access to all of the scammer's files and software. And he was able to see everything the scammer was frantically trying to do to regain control.
This bit of digital jujitsu changed everything. Over the next few months, Jim figured out ways to infiltrate the computers of almost every scammer who tried to victimize him. “My process worked on almost every remote access program out there, certainly the ones most popular with scammers, like TeamViewer, AnyDesk or FastSupport.” He also figured out how to secretly install software that recorded what the scammers were doing — without them even knowing it.
Suddenly, Jim was sitting on some powerful knowledge. But as Spider-Man was told, with great power comes great responsibility. Jim wondered, What should I do with what I've learned?
Attachment 38341
Attachment 38342
Attachment 38343
Inside an International Tech-Support Scam (aarp.org)
https://youtu.be/Xvjjpzyiig4