NOTICE: Posting schedule is irregular. I hope to get back to a regular schedule as the day-job allows.

Wednesday, August 8, 2012

NEWS: Warning about a phone scam.

This is real.  This is serious.

I got a phone call from my parents today.  They said a "Representative from Microsoft" called to let them know that a virus had been tracked to their computer, and that they "Called to help" secure the computer.

Fortunately, my parents have been using personal computers since the '80s and figured it was a scam from the start.

Thing is, the same folks called back, urging them to act immediately.

The voice had a heavy Indian accent, and the name and number were blocked. 

Here is a good article on the scam (Brian Krebs, KrebsOnSecurity):

From the article:
“A friend called me to tell me that someone called his house, and using some ruse, convinced his 11 year-old daughter to ‘type in some numbers’ into the Run window,” Ron wrote. “When he got home, he turned the computer off, and we assume that it’s compromised and will need to be reformatted.”

Ron said that not long after that incident, he received a similar call. The woman on the phone told him that she was “the authorized security monitoring service for Microsoft Windows,” and that they had detected that his computer was infected with malware, which naturally he needed to have removed.

“The phone number was a Georgia area code, but I’m pretty sure she was from somewhere in India or Pakistan, based on the delay, her accent and use of English — she said her name was Nancy,” Ron said. “She was also calling me at 7:30 am.”
In another article, Kaspersky Lab security researcher David Jacoby tracked the scammers' behavior on a clean test machine set up specifically to (A) record what they were doing and (B) hold no personal information they could steal.  I'll summarize the steps for you here (within copyright fair use), but go read the whole article for yourself:

1 - they make common Windows functions appear to be unusual:

"... Jacoby said the woman who called him instructed him to open the Windows Event Manager, so that he could see numerous error messages which she said indicated that his system had been compromised."  Of course it did: that is what Event Viewer is for.  Windows logs warnings and errors from routine operations (a service that started slowly, a driver that retried, a network share that was unreachable for a moment), and a perfectly healthy machine accumulates hundreds of them.  Their presence proves nothing about a compromise.

2 - like any good fortune teller, they use information *anyone* could know to make it seem like they are referring only to you: 

"... Jacoby said the scammer then instructed him to execute a DOS command to reveal the system's unique ID and allow her to verify that it was referencing the correct--infected--system. The caller then read out the license ID, and asked Jacoby if it matched the ID he was seeing on his screen. It did, but that was because the DOS command he'd run revealed the ID for a file extension that ships on all Windows PCs."  The "ID" is a constant baked into every copy of Windows, so the caller can read it off a script and be right every time.

3 - they give an instruction that will have a known result, to scare the customer:

"... The caller then instructed him to run the "verify" DOS command to see if his Windows license could be verified, and said that an "off" setting--which Jacoby saw--would indicate that the license couldn't be verified. "  Not really.  VERIFY is a cmd.exe setting that controls whether files are re-checked after being written to disk; "off" is the default on every Windows install and has nothing whatsoever to do with licensing.  The caller knew exactly what you would see before you typed it.

4 - they play on emotion and fear:

"... Jacoby said the caller began "screaming 'oh my god!' in my ear, she was super upset that my license was not verified; according to her this meant that no security patches could be installed." Yeah.  Of course, the caller knew the result ahead of time and 

5 - wolves wrapped in sheep's clothing:

After these steps, the caller installed a remote access program that is innocuous in and of itself: it's the kind of tool many legitimate companies use for remote maintenance and customer support.  The tool is not the problem; who is on the other end of it is.  Everything they said about updates and licensing was a lie told to get you to approve that installation.

6 - and now the hook:

There's always a hook, and this is the one where they try to get you to pay for something you don't need.  Whether it's a fake Windows license, a new super antivirus or just "troubleshooting services", what the callers really want is your credit card and bank details.  Of course, they can also harvest those through the back-door remote access you've just allowed them to install, but it's so much easier if you just read them the number.

Brian Krebs' KrebsOnSecurity article cited up front mentions the scammers playing fast and loose with credit card info and trying to mask the fraudulent nature of their charges ($99-$199).  Jacoby mentions a $250 PayPal charge.  Even if you refuse to pay, by this point the caller has had control of your computer, so treat anything stored on it as already exposed.
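The "evidence" in steps 1 to 3 reproduces on any Windows machine, which is the whole point: the caller already knows what you will see.  The PowerShell session below is an added example, not code from this post or from Kaspersky's write-up.  It assumes a stock Windows install with cmd.exe available.  The file-association command it uses, assoc, is the one Jacoby's report describes and this post does not name; the CLSID on its .zfsendtotarget line is the fixed identifier of the "Compressed (zipped) Folder" Send To handler, which is why it is identical on every PC.  The slmgr.vbs and Get-HotFix lines at the end are what a genuine support engineer would run instead; they are included for contrast and are not part of the scam script.

```powershell
# Added example: what the scammer's "evidence" commands really show on a stock
# Windows machine. Nothing here changes any setting.

# 1. "Look at all those errors": warnings and errors are routine in the event logs.
#    Level 1 = Critical, 2 = Error, 3 = Warning.
$since = (Get-Date).AddDays(-7)
$noise = Get-WinEvent -FilterHashtable @{ LogName = 'System','Application'; Level = 1,2,3; StartTime = $since } -ErrorAction SilentlyContinue
"Error/warning events in the last 7 days: $($noise.Count) (a healthy machine has plenty)"

# 2. "Your unique ID": assoc lists file-extension associations. The CLSID on the
#    .zfsendtotarget line identifies the built-in 'Compressed (zipped) Folder'
#    Send To handler (assumed, from Jacoby's report, to be the "ID" the caller reads).
$line  = cmd /c assoc '.zfsendtotarget'          # .zfsendtotarget=CLSID\{...}
$clsid = ($line -split 'CLSID\\')[-1]
"assoc says: $line"
"That CLSID belongs to: " + (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid").'(default)'

# 3. "Your license can't be verified": VERIFY is a cmd.exe switch that controls
#    whether files are re-read after being written to disk. Off is the default.
cmd /c verify                                     # "VERIFY is off."

# For contrast, the real checks a support engineer would use (not scam steps):
cscript //nologo "$env:windir\System32\slmgr.vbs" /dli                        # license status
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5     # recent patches
```

Run it on a machine that has never been touched by a scammer and you will get the same three results the caller "found": plenty of logged errors, the same CLSID, and VERIFY off.  That is the tell: a diagnostic whose outcome is identical on every machine diagnoses nothing.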

What to do? 

If you receive one of these calls, hang up on them. 

And yet there are reports that the callers won't let up... "Why did you hang up on me?" one caller wailed, "This is important!"

In that case, I recommend that you turn on your answering machine, then tell them you have done so in order to report them to the FBI.  That should end the call right away. 

If you've already had this happen, especially if you typed what they told you to or let them install anything, disconnect the computer from the network and have it checked by an IT security professional (assume it will need to be wiped and reinstalled, as Ron's friend did).  Change your passwords from a different computer, and if you gave out any payment details, tell your bank or card issuer right away.  But the important part is this:

YOU call THEM.  

In the meantime: be safe, protect your brain, your computer... and your identity.
