Bogus support calls continue to plague Australians, with the Queensland Police Service (QPS) recently warning its constituents of a specific "outbreak" of call scams, this time from a call centre claiming to be the Windows Service Centre.
Brian Hay, a Detective Superindent with the QPS (and, not at all incidentally, winner of the 2010 AusCERT Director's Award for Individual Excellence in Information Security), points out that this latest scam seems to be more targeted than previous call-centre scams.
The scammers appear to have done some market research beforehand:
It has become apparent that some of the targeted victims of this scam had previously engaged in a phone survey some weeks earlier. This innocuous survey sought no personal information; however, it did query information regarding the householder’s computer equipment. When armed with this information at a later date, the fraudster is able to gain credibility of consumers to better scam them of their money.
The lessons to learn from this are:
* Don't assume that participating in unsolicited surveys is harmless because you're only giving away modest amounts of information such as the software you use. The scammers don't need to know exactly who you are, or where you live, in order to sound more believable when they contact you in the future. If in doubt, leave it out!
* Don't accept unsolicited calls which try to work on your computer security fears. You have nothing to gain, and everything to lose.
* Don't take a stranger's explanation of errors in Event Viewer or other system logs. If you are genuinely worried, contact a friend. Not a Facebook friend - a real friend. Someone you know, and like, and trust.
* Don't call back or visit websites based on what you're told over the phone or in an email. Find a reliable, physical reminder of where to call or go online - for example, the emergency number on the back of your credit card for banking problems, or the support number on the last bill from your ISP for online concerns.
For more advice, listen to this podcast in which Sophos product expert and trainer Sean Richmond and I give some tips on what to do:
Don't want to listen online? Download the podcast for later: