Understanding, Measuring, and Detecting Modern Technical Support Scams.

Technical support scams (TSS) are social engineering attacks that aim to exploit users that have limited knowledge about technology, such as the elderly, causing significant financial loss to vulnerable citizens. The security community has attempted to respond to these web-based scams with different countermeasures. However, to the best of our knowledge, no robust countermeasures have been proposed thus far to defend against modern TSS campaigns that abuse web search engines to inflate their rankings in search results and lure many potential victims. To defend against these TSS attacks, in this paper we first study the TSS ecosystem, with particular focus on how modern TSS campaigns are operated and promoted on the web. Then, we capitalize on our findings by proposing a novel detection system named TASR that can be used to differentiate TSS websites from legitimate technical support websites in a topic-agnostic way, by leveraging features that capture key traits of how TSS web pages are promoted. Our cross-validation tests show that TASR can detect 94.5% of the TSS links in web search results at a false positive rate of less than 1%, significantly outperforming previous work.