Nick Nikiforakis receives $67k from Cyber Research Institute to study Tools and Techniques for Understanding and Detecting Technical Support Scams.
One of the most recent and understudied social engineering attacks targeting every day web users are technical support scams. In a technical support scam, potential victims are contacted by scammers who pose as technicians from large software companies. The scammers attempt to convince users to willingly provide remote access to their machine, and, if the scammer successfully convinces them that they are indeed infected, pay the scammer a malware-removal fee in the range of hundreds of dollars. This scam has become so prevalent that the Internet Crime Complaint Center released a Public Service Announcement in November 2014 warning users about technical support scams.
Even though their techniques are simple, technical support scams incur a total cost of hundreds of millions of dollars on a yearly basis. In our work, we will comprehensively study the social engineering techniques used by scammers and then use this knowledge to build defense systems that can detect and stop in-progress scams.