These tech-support scammers are fairly advanced and really tech-savvy. I work for a VoIP provider and have dealt with them in the past (sometimes even now).
Here's some information based on my experiences over the years.
1. The way they trap their victims varies a lot.
- Some have access to lists that contain the name, physical address, contact info of regular people. They'll cold call them posing as someone who has a reason to call them (tax authorities, customer support for Apple, Microsoft, etc) and tell them that there's something wrong with their taxes, computer, etc.
- They also use SEO to their advantage - they sometimes open help threads in forums for Microsoft, PayPal, etc with text that shows up when someone searches for "microsoft support number" or something similar on Google, Bing, etc. Many of them have legitimate looking websites with different plans and service offerings as well.
- They also use ad-networks (similar to Google Adwords) to display misleading ads on different websites. Like 'Click here for a free virus scan' and so on. The victim clicks on it and is led to a pop-up that displays some scary warning signs and a phone number to call.
- They're also known to craft phishing emails that look almost real to the untrained eye. The email typically says that the person needs to take an action to ensure their card isn't blocked or something equally scary. This action is usually calling a phone number and entering their card info via DTMF or logging into a fake website.
Many small companies do not take the effort to secure their domains using SPF, DKIM, etc which makes it easier for scammers to spoof emails.
2. Once the intended victim interacts with them, they'll basically try to overwhelm the person with lots of information so that they agree to whatever the scammer says.
They do this by providing a lot of "technical" information using a lot of "technical jargon" (which to a trained professional would sound really funny). They rely on the fact that most people aren't tech-savvy and even if 1 out of 100 calls they make leads to being paid - that is more than enough to cover the costs of at least 1000s of more such calls.
3. Stopping them and bring them to justice is possible - but it is extremely time consuming.
You're dealing with multiple agencies in multiple countries and not all of them are equally responsive. Sometimes local privacy laws make it impossible for companies to share information with police from a different country directly.
I've dealt with law enforcement from various countries investigating these scams. Most of my communication with the police from US, UK, France, & Germany has been great. They understand how the scam works, even have a basic grasp of the technical stuff that goes on behind the scenes. They know what information they need and how they can get it.
I have also communicated with a couple of Cyber Crime departments from India as well. Unfortunately, the communication with them was different - and not in a good way. Most of the times it seemed that the person in contact with us didn't really have a firm grasp of what was going on (how can they trace the scammer, where can they get information, etc). I don't blame the person though - most likely they've never been trained on something like this.
This is what these fraudsters bank on - the fact that it is difficult to investigate these crimes
and that people and local law enforcement isn't as tech-savvy as them.
Sorry for spamming the thread - just thought I'd share some insights.
PS: If you're interested - have a look at 419eater.com. There's some really funny stories (and photos of scammers) in there.