Thursday 25 September 16:00 - 16:30, Red room.Jérôme Segura Malwarebytes download slides (PDF) Tech support scams have been going on for a long time, and despite all the attention they've received, they are only getting worse. The classic fake Microsoft cold call is no longer the only technique used, as it is far more effective to have marks call with a problem. Scammers are diversifying their persona using deceptive ads and pop-ups, phishing scams, and even targeted campaigns for special events such as the end of the tax season. As the scams get more sophisticated (Mac OS and Android are on their list too), the risks for potential victims have increased. Documented instances show that while 'scanning' the computer for viruses, the crooks scrape any personal documents they can lay their hands on, opening the door for disastrous identity theft issues. While education and awareness go a long way to reducing the number of victims, security researchers can help out too. This paper will show how to build your own honeypot to collect everything the scammers download on the machine and track their geolocation down to real-world coordinates - even when remote software logs are disabled or the connection is routed through a proxy. Finally, I will present real intelligence collected using the previously described honeypot.