For the past couple of years, cybercrooks have been going beyond fake anti-virus software, also known as scareware. After all, fake software can reach only so far.
They've found another way to scare you out of your cash: fake technical support centres. OK, the support centres are real enough. But the "support" is fraudulent. That raises the question: how do you tell?
That's a question which Sean Richmond, a product expert and trainer here at Sophos in Sydney, is regularly asked by the techies he trains. So I decided to put the same question to him in a podcast. Now you can play it to your friends and family if they ask you!
(05 November 2010, duration 6:15 minutes, size 4.5MBytes)
To explain: you can imagine how fake support calls might unfold. The caller is working with Windows, or Microsoft, or your ISP, to help protect the world from cybercrime. He's not selling you anything. He's giving you free advice.
Then he takes you to parts of the operating system you might not have seen before. Open the Event Viewer on Windows, or the Console application on your Mac, and you will see a never-ending list of dangerous-sounding errors of all sorts.
Next thing, you've been frightened into letting the scammer get remote access to your computer - and paying for the privilege with your credit card. Naturally, he will "fix" your computer. So although you've just incurred an unexpected support expense, you might even end up feeling relieved.
If you work in IT, you'll easily spot these scams. They're obviously inept, and even perversely amusing. So it's easy to assume that everyone else will spot them, too. After all, surely any out-of-the-blue call like this has got to be bogus?
But how do you teach your friends and family - people who have never seen the Event Viewer before, and don't know how needlessly scary it can look - not to be tricked? And how do they differentiate between well-meaning calls from their ISP, and scam calls from a fraudulent call centre?
Here's how. Sean's advice in the podcast can be summarised as follows:
* Your best defence is to end the call as soon as you can. You have nothing to lose. You didn't ask for help, and you don't have to accept it.
* Treat any caller who tries to talk you into doing anything on your computer as if he just knocked uninvited on your door and invited himself into your house "for your safety".
* Today's calls are targeting Windows users. But the patter they use could easily be adapted for Macs. The target is your fear, not your operating system or computer.
* Never rely on any information - e.g. phone number or website - given to you by the caller to validate his credibility. (Local-looking numbers and URLs mean nothing these days. They can inexpensively be redirected over the internet.)
* If your ISP calls you up, thank them and call them back. But look up the number to call in information you already have, such as your contract, your bill, or their advertising material.
* Always rely on someone you actually know and trust for PC advice. If you're going to pay for technical support, wouldn't you rather give your money to someone honest? And local? And accountable for their actions?