Jump to content

Scam in action!


BamSec1

Recommended Posts

  • SuperModerator

Scam in action!

In a brazen scam attempt, you may get a phone call from someone claiming to be your ISP or other service provider to "help" you with your Windows problems. Don't fall for it!
What follows is an increasingly commonly-attempted scam. Fortunately, the person reporting it had the right instincts and was able to avoid getting taken.
Let's look at the transcript provided, and I'll identify all of the warning signs with [notes] as we go.

The "your computer is causing problems" scam
Before we get into the specifics of this example, I want to clarify that this scam has become increasingly widespread, and has many variants. In the five years since this article was originally published, it's clear that it's happening more and more often, and many people are falling for it.

While this example is a call from "your ISP", variations include scammers claiming to be calling from Microsoft, from "the internet", from security firms, and from other reputable-sounding organizations.

Except they're not reputable at all. They lie. It's a scam. They are not who they say they are at all. Don't fall for it!

If you take away only one thing from this example, let it be this: always be suspicious when someone calls you. You have no way to confirm that they are who they say they are. There are some tips on what steps to take in a moment.

The scam in action - The conversation (with names changed) went like this:
Caller: "Mr. Smith? We have your address as [correct address given], and we have your telephone number, otherwise we'd not be able to call you. For security purposes, would you give me your first name, please?"

Smith: "You should have that on your records." [1]

Caller: "Yes, but this is to check that you are Mr. Smith."

Smith: "I don't think that is necessary - I answered the telephone. What is this all about?"

Caller: "This is your ISP. [2] We seem to be having some problems with your account. Have you been having trouble with programs crashing recently?" [3]

Smith: "Yes, of course!"

Caller: "Well, when that happens, it sends a message to us [4], and we are getting a lot of these from you, and they are causing us some problems. Also, it is a sign that you may have serious problems with your computer very shortly. We want to help you to solve this problem, which will prevent you having your computer die on you, and it will solve the problems we are having with your messages. We have a team of Microsoft experts here to deal with it."

Smith: "Are you trying to sell me something ?"

Caller: "Oh, NO, Mr. Smith! We just want to help you to sort out the problems; it's part of our service."

Smith: "O.K..."

Caller: "Is your computer turned on?"

Smith: "Yes."

Caller: "Will you go to Start > Run, type in "Eventvwr", and press Enter."

Smith: "O.K."

Caller: "Click on "Application", and you will see lots of Events [5], either Information, Warning, or Error. What is the total shown at the top?"

Smith: "Over 1,700 since 6th January."

Caller: "Wow! Roughly how many of these are Warnings?"

Smith: "I guess about a third?"

Caller: "O.K., now click on System, and tell me the total?"

Smith: "Over 2,800 – again, about a third are Warnings."

Caller: "You see, Mr. Smith, how serious this is?"

Smith: "Is it?"

Caller: "Oh, YES, Mr. Smith! But we can do something about this! I'll hand you over to a colleague who is an expert who can fix it for you."

Expert: "Hello, Mr. Smith! I'm going to help you fix the problems on your computer. I want you to go to Run > Start, type in www.logmein.com [6] and press Enter. Then tell me what you see."

Smith: "It's asking for a six-figure entry code." [7]

Expert: "Ah. Do you have that?"

Smith: "No."

Expert: "Well, that's because your computer is over a year old. You get a year's free support, and this has now lapsed. You will need this six-figure code before we can proceed. Renewal costs $50. May I have your credit card number, please?" [8]

Smith: "Just a moment! Your colleague told me at the start of this call that this was not a sales pitch. Do you want money off me?"

Expert: "Oh, NO, Mr. Smith ! We just want to sort out the problems on your computer! But to do that you must have that six-figure code - etc., etc., etc."

Smith: "Just a minute! I asked, do you want money from me, yes or no?"

Expert: "It's not about money, Mr. Smith, it's about fixing your computer!

Smith: "Is that a yes or a no?"

Expert: "It's a yes."

Smith: "Fine. Good day." CLICK [9].

Observations
[1] Exactly, though they will often ask for something even more personal, like your mother's maiden name or a part of your social security number, with all the obvious risks therein. Hence the warning I started with: recognize that they called you, and never respond with this information.

[2] Your ISP will never say "This is your ISP." They'll identify themselves by name, both the name of the individual calling (which may be meaningless for security purposes) and the actual name of your ISP. However, be aware that stating the correct information doesn't mean they're legit (it's not that difficult to find out someone's ISP), but not telling you at all is a big red flag.

[3] Really, now ... who hasn't? Smile.

[4] No, it doesn't. If a message is sent at all, it's sent to Microsoft or to the vendor of the software that's having a problem.

[5] Yes, you will. In fact, we all will. The event viewer is kind of a mess, and having lots of events, even errors, is not an indication that things are about to go bad.

[6] Important: logmein.com is a legitimate company and website, and they have nothing to do with this scam. Other services besides logmein have been used as well. They provide a "remote access" service: the ability to log in to someone else's computer across the internet.

[7] It's unclear, but this is one of two possible targets of the scam. Once the appropriate code is entered (provided by the scammer, of course), they can access your computer remotely. With that access, they could install all types of malicious software, including continued remote access, without your further assistance or knowledge.

[8] Bingo. This is likely the other target of the scam: to get you to divulge your credit card information.

[9] Handled excellently. This is exactly the correct response.

I think of it as phone phishing.

Note...
After you hang up, they may call back. In fact, I've heard of the scammers becoming verbally abusive if you don't follow their instructions. I can only assume they do this because for some subset of potential victims, it causes the victim to capitulate to the scammer's demands. Don't fall for it.

How to not fall for the scam
There were many red flags in this conversation. Given the amount of information that's likely publicly available about each of us, it's not that hard to put together a convincing-sounding story – but that story will have holes. You must watch for them.

Here are my important take-aways from this example:
★ Always be suspicious when they call you. One solution: ask for a number at which you can call them, and then research that number (Google's been fairly useful for this). Alternatively, call your ISP yourself, using only phone numbers you find in information your ISP previously provided, and ask if this number, person, or scenario is something they know about.
★ Never give your credit card or other personal information to someone who called you - at least not unless you're absolutely positively certain you know who they are. If needed, get a call-back number. That way, even if it still turns out to be a scam, you'll have that to give to the police.
★ Be suspicious of instructions to visit web sites. They may be legitimate - if you call your ISP's tech-support line, for example, they're likely to have you do things like that. However, until you're certain you know who you're talking to, don't.

If you get called, and you're the least bit uncertain, the solution is simple: hang up, and call the company that they claimed to represent. If it's legitimate, they'll understand (and perhaps even appreciate) your caution. If it's a scam, they may or may not appreciate your caution, but you'll have just saved yourself a lot of grief.

Cheers, :wink:
Bam

  • Like 4
Link to comment
  • Administrator

As another story - it's a real one that happened to me:


 


Some number called me one day. Thay had my name, they had the starting and ending numbers of my credit card (like 1111-****-****-2222)


 


And that fu**er on the phone asked me the missing numbers in the middle and he claimed that he already knew my whole number but it's a security confirmation (lie, lie, lie...)


 


and what did I do: "GO F YOURSELF MAN!" and hung up the phone!


  • Like 3
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...