
Posted by Tony1044 on 09-02-12, 01:05 PM
New & interesting scam

Hi folks,

Thought I'd give you the heads up on a relatively new scam doing the rounds.

One of my neighbours got a phone call last night telling them that their computer was horribly infected with malware and viruses. But hey, don't worry, it could be sorted out with a bit of remote access and the payment of £95.

Unfortunately, they allowed themselves to be talked into allowing the remote access but didn't give out any financial details.

Equally fortunately, they don't do anything like internet banking on this particular machine.

This company "Global IT something or other" called back today. Fortunately my neighbour had the wherewithal to phone and ask my advice - they called me on their mobile while this company were on the other line.

So I popped down and talked to them.

First off - I thought I'd play along a little to see where we went:

Me: "Wow...looks like we were lucky this time! How did you find out the computer was so badly infected?"

Them: "Our systems remotely picked it up"

Me: "Really? You can do that?"

Them: "Yes of course. Our systems are the most advanced in the world. Microsoft use us too you know".

Me: "Wow! So you wrote Microsoft Security Essentials?"

Them: "Well we did bits of it..."

Me: "Ok - so tell me something. What is your company registration number? Where are you based, because you and every voice I can hear behind you is Indian. Having worked for Microsoft, I can tell you that although they did indeed buy in MS Defender, NO external companies have contributed to the code in over 5 years".

Them: "Well, well, well...you think you know what you are talking about? Go to our website to look us up!"

Me: "..."

Them: "Go on! It is all there"

Me: "You really are dim. Don't call back. I will inform the police of your attempted scam."

They then hung up.

I now have the computer in my possession and I'm doing a bit of a forensic analysis but I doubt they've left any real tracks. I will also boot to a live Antivirus disc and ensure it isn't infected with anything.

So having done a bit of research on this since, I can see this is being used quite frequently and has some common parameters:

1 - They will ask you to install a genuine remote control package such as TeamViewer. These are not in and of themselves actually harmful but will allow full remote control of your system.

2 - They often claim to be representatives of Microsoft. Note - Microsoft NEVER cold call on IT support issues

3 - They disable AV & firewall services if they do get in

4 - They always seem to have Indian accents

This is social engineering that plays on the idea that you might risk losing everything if you don't respond. They utilise high pressure scare tactics.

Some typical advice (most if not all I've given here before):

Ask yourself how they got your details. If they're that good, tell them to remotely install the software themselves (they can't or at least shouldn't be able to - if they can, and do, you have bigger problems!).

Were you expecting the call? Most probably not.

Keep your AV products up to date. There's no excuse not to - Avast, Microsoft, AVG, Clam - all offer free AV/Antimalware products.

Keep your Operating System patched. Hackers and criminals use MS's own security patches to reverse engineer what the vulnerability was. More importantly these days are things like Adobe Flash, Acrobat Reader, Java etc - all of these are being used as a wider attack profile because they're installed so widely and some, such as Adobe, have historically been poor at fixing known problems.*

My own personal favourite - I keep a low ceiling (£500) credit card that I use exclusively for shopping online. If this gets compromised, then at worst I lose £500. If I need to spend more than that on it, I can ask for a one-off extension.

Ok that may not be completely do-able for everyone, but there are top-up credit cards available that you pre-pay on.

Again, this is mostly common sense.

Peace.
*I switched my browser away from IE to Firefox then to Chrome. I now use Opera because it doesn't run scripts or install Flash etc by default.
__________________
I don't actually know much about xDSL, but I do know quite a bit about Microsoft technologies, particularly things like Exchange and Active Directory.
I'm happy to try and help where I can, so drop me a line.
www.o2user.co.uk forums rock!

Last edited by Tony1044; 09-02-12 at 01:09 PM..
All times are GMT.