A French security researcher claims to have got his own back on scammers by sending them a virus after they tried to trick him into buying bogus software.
In an effort to waste the tricksters’ time, Ivan Kwiatkowski fooled an agent into downloading ransomware disguised as credit card details.
Scammers often create fake emails, websites and ads urging victims to pay for technical support that can tackle a fake virus.
In this case, the scammers targeted Kwiatkowski’s parents with a fake website claiming their computer had been infected.
Kwiatkowski called the “Windows Help Desk” number listed on the page and started chatting to the assistant about options to remove the virus, including a tech protection subscription costing £260.
He then sent the firm Locky ransomware disguised as a compressed photograph of credit card details, which the assistant opened.
“I respond to email scam attempts most of the time, but this was the first time I responded to one over the telephone,” Mr Kwiatkowski told the BBC.
“I’m curious about how criminals operate and what they’re trying to accomplish.
“More often than not it ends up being fun and there’s social utility in wasting their time. I believe that if more people respond and waste their time, their activities might not be profitable enough to continue.”
Kwiatkowski said the assistant did not confirm that the malware worked. He added that the move was best represented as an “unconfirmed kill”, the BBC reported.
The University of Surrey’s Professor Alan Woodware told the BBC that “hacking back” could have legal repercussions:
“There’s a lot of talk around hacking back - and while it may be very tempting, I think it should be avoided to stay on the right side of the law.
“But wasting their time on the phone I have no problem with. I even do that myself!”
Internet users are advised to be suspicious of web pages purporting to identify viruses and ads masquerading as system messages.
They should avoid links and attachments in emails from unknown senders and contact manufacturers for advice if they think their device is infected.