In this paper, we perform a three-pronged analysis of the increasingly serious problem of technical support scams. First, we build a reliable, distributed crawling infrastructure that can identify technical support scam pages and use it to collect technical support scam pages from websites known to participate in malvertising activities. By deploying this infrastructure, in a period of 250 days, we discover 8,698 unique domain names involved in technical support scams, claiming that users are infected and urging them to call one of the 1,581 collected phone numbers. To the best of our knowledge, our system is the first one that can automatically discover hundreds of domains and numbers belonging to technical support scammers every week, without relying on manual labor or crowdsourcing, which appear to be the main methods of collecting instances of technical support scams used by the industry… The full report is here.
This is possibly overkill just to learn more about these scams, but the detail included is more interesting than you may expect.