FUTR.tv a weekly interview podcast talking with the innovators who are building the future

View Original

Think It Can't Happen To You, You're Wrong - Tech Support Scam's Near Disaster

People think it can’t happen to them, but I am here to tell you it can happen to anyone. What am I going on about? I’m talking about phishing. Phishing is one of the major attack vectors for everything from Internet scams to major Nation state ransomware attacks.

Now there are Phishing attacks that are more like carpet bombing your targets. They are email crafted to deceive, without any, or much knowledge about the targeted individual. Then there are spearphishing attacks which are crafted to attack a specific high value target, that often include personal details to make the attack more convincing.

I want to highlight a YouTuber you may or may not know about, Jim Browning. He has a very successful channel with 3.4 million subscribers where he reverse hacks some of these tech support scam call centers that bilk money out of vulnerable people.

These scammers convince people to install remote control software on their computers so that the scammer can take over the victim’s computer. He has a honeypot system he uses and then uses the remote control software to open up a connection to the scammers computer which allows him to take control of their computer.

While pretending to play along, he is gathering data about the attackers, finding all of their internal documents, and sometimes even breaking into the call center cameras. It is really amazing stuff to see, and I encourage you to check his channel out, I will put a link here and in the description

However, in July, Jim ended up getting scammed into deleting his channel. This is not an unsophisticated individual. This is someone who is constantly on the lookout for scams, and is acutely aware of the way that they work. But, everyone can get complacent, and some scams are better crafted than others.In this case, the attacker utilized Google’s own domain to fool Jim.

In fact this is similar to another type of attack in which malicious links are well disguised through the use of homographs. Homographs utilize similar looking characters to confuse the victim into believing they are not being mislead.

Take this instance for example, they both look the same, but one uses the roman “a” Unicode character 0061 and the other uses the Cyrillic character Unicode 0430. There are many characters that can be substituted, that don’t even rely on different languages, like Capital I for an l or a 0 for an O.

I would recommend watching the video, because Jim identifies all the places he made a mistake.

I do however want to point out the one thing that kept him safe, and that is 2 factor authentication. They might have been able to get his credentials eventually, but they would not have been able to get access because 2 factor would have prevented it. As it was, he ended up deleting his channel, which is a pretty significant problem for someone with 3.4 million subscribers, but in the end he was able to recover from almost everything that happened.

So if you are not using 2 factor auth, this is a good time to start.


Jim Browning's Channel:
https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw Channel

My Channel Was Deleted... HOW?
https://youtu.be/YIWV5fSaUB8 Video


See this content in the original post


FUTRtech focuses on startups, innovation, culture and the business of emerging tech with weekly video podcasts where Chris Brandt and Sandesh Patel talk with Industry leaders and deep thinkers.