I've seen videos showing how tech support scammers operate. In nearly all of these videos, the scammer instructs their intended victim to install and run remote-control software, which allows the scammer to control the victim's computer. No surprises here. However, in at least some of these videos, the first thing the scammer does when he has control of the victim's computer is to install and run a different remote-control application and use it to connect to his own computer.

For example, in the YouTube videos Destroying Scammers Computer With Virus and Destroying All Computers On Scammers Network, the scammer instructs his victim to install and run Supremo, and then once he is controlling the victim's computer through Supremo, he installs and runs TeamViewer and seemingly uses it to connect to his own computer. (In these two videos, the intended victim is actually a scam-baiter, who exploits the reverse connection by installing and running malware on the scammer's computer.)

I don't understand why the scammers make the reverse connection in the first place. What advantage does this give them?

Psychonaut
  • Tech support scams are targeting gullible computer users to convince them to "buy a support plan" that is useless, which ranges from $80 to $250. The scam network doesn't need a tech-savvy fleet or even to secure their own computer. – mootmoot Aug 09 '18 at 07:16
  • Distributed Denial of Service. – mertmumtaz Aug 09 '18 at 14:29
  • I believe it has something to do with warnings on TeamViewer when you try to create a connection to areas where they know scams originate. – JMac Sep 27 '18 at 17:24
  • @JMac: So why use TeamViewer at all then? Why not use the existing Supremo connection? – Psychonaut Sep 28 '18 at 06:53
  • @Psychonaut That I would have to do more research on. I assume it has something to do with available features or something similar. – JMac Sep 28 '18 at 18:43
  • I suppose it is to get you to log in to your banking account, PayPal or whatever, from THEIR computer, where they have more access. – AL-Kateb Mar 24 '19 at 16:36
  • They can run a [key-logger](https://en.wikipedia.org/wiki/Keystroke_logging) in the background on their machine, to grab your passwords. They could probably also try to run it on your machine, but they'd have to hide what they are doing more carefully. – Jan Christoph Terasa Sep 15 '20 at 22:37

2 Answers

TeamViewer has noticed that scammers often come from India (or other places where scams often originate), and so when you get an incoming connection from India TeamViewer will give you a warning saying that this could be a scam. If the scammer can get the victim to connect to the scammer's computer first and then reverse the connection (by clicking a button that says "switch sides with partner"), TeamViewer's warning is skipped and the victim still doesn't know it's a scammer. The scammers want to use TeamViewer because it has the ability to blacken the victim's screen so the victim cannot see what the scammer is doing.

A YouTube reference

menney

It may be that he is not connecting back to his own PC but to a second victim, who is the actual victim. Having the attack look like it came from the first victim, he distances himself from the crime.

peterh
MLA
  • This makes sense as a scamming tactic, but it doesn't really jibe with the videos I've seen. When a scam-baiter exploits the (apparently) reverse connection, the scammer often becomes apoplectic. Why would the scammer care so much if it's only a second victim's computer that's getting trashed? – Psychonaut Feb 19 '19 at 21:26