Sophos Cloud Optix
For the past couple of years, cybercrooks have been going beyond fake anti-virus software, also known as scareware. After all, fake software can reach only so far.
They’ve found another way to scare you out of your cash: fake technical support centres. OK, the support centres are real enough. But the “support” is fraudulent. That begs the question, how do you tell?
That’s a question which Sean Richmond, a product expert and trainer here at Sophos in Sydney, is regularly asked by the techies he trains. So I decided to put the same question to him in a podcast. Now you can play it to your friends and family if they ask you!
(05 November 2010, duration 6:15 minutes, size 4.5MBytes)
To explain: you can imagine how fake support calls might unfold. The caller is working with Windows, or Microsoft, or your ISP, to help protect the world from cybercrime. He’s not selling you anything. He’s giving you free advice.
Then he takes you to parts of the operating system you might not have seen before. Open the Event Viewer on Windows, or the Console application on your Mac, and you will see a never-ending list of dangerous-sounding errors of all sorts.
Next thing, you’ve been frightened into letting the scammer get remote access to your computer – and paying for the privilege with your credit card. Naturally, he will “fix” your computer. So although you’ve just incurred an unexpected support expense, you might even end up feeling relieved.
If you work in IT, you’ll easily spot these scams. They’re obviously inept, and even perversely amusing. So it’s easy to assume that everyone else will spot them, too. After all, surely any out-of-the blue call like this has got to be bogus?
Not necessarily. In Australia and other countries, ISPs are starting to be more proactive against zombies. Part of this proactivity is to call up badly-infected customers.
But how do you teach your friends and family – people who have never seen the Event Viewer before, and don’t know how needlessly scary it can look – not to be tricked? And how do they differentiate between well-meaning calls from their ISP, and scam calls from a fraudulent call centre?
Here’s how. Sean’s advice in the podcast can be summarised as follows:
* Your best defence is to end the call as soon as you can. You have nothing to lose. You didn’t ask for help, and you don’t have to accept it.
* Treat any caller who tries to talk you into doing anything on your computer as if he just knocked uninvited on your door and invited himself into your house “for your safety”.
* Today’s calls are targeting Windows users. But the patter they use could easily be adapted for Macs. The target is your fear, not your operating system or computer.
* Never rely on any information – e.g. phone number or website – given to you by the caller to validate his credibility. (Local-looking numbers and URLs mean nothing these days. They can inexpensively be redirected over the internet.)
* If your ISP calls you up, thank them and call them back. But look up the number to call in information you already have, such as your contract, your bill, or their advertising material.
* Always rely on someone you actually know and trust for PC advice. If you’re going to pay for technical support, wouldn’t you rather give your money to someone honest? And local? And accountable for their actions?
Don’t want to listen online? Download the podcast for later.
Stating all Mac users are a demographic with 'more money to waste' is fairly unprofessional view on a growing market, especially from a company such as yours. Very disappointing to hear.
That is very correct, and they are spot on. Look at how much a computer costs by building it yourself to spec against a Mac Pro? You will see about 1500 dollar difference, then there is the iPhone which costs about 300 bucks which is 150 more then an equivalent blackberry, the iPad is another very costly item weighing in at upwards of 800 bucks. So yes Mac users are generally more wealthy then non-apple buying people. I buy and build my own computers, so I know what they are talking.
On-line?
Get with the times!
😛
I've been on-line now for years, most people are these days.
Hmmm. The previous commenter is upset with the word "waste".
I get the point, though if we'd said "disposable income", that would have been an unexceptional remark – and "waste" is, after all, "stuff one disposes of".
I can't speak for Sean – he's not around to ask right now – but I know him pretty well. That's how I took his comment in the interview, and that's why I left it in. I can also tell you that he is a Mac lover and proselytiser. And, though I am supposed to maintain an ecumenical outlook here, I'm a Macster, too. (This comment is being entered on the gorgeously backlit keyboard of my Macbook Pro.)
Apologies in advance to any Mac users who imagine that we meant to imply that they are cash-laden chumps just waiting to spend money on garbage.
We meant merely to warn that fear-based tricks of this sort can be rigged up against anyone who isn't an expert, regardless of operating system. And OS X is the next-biggest target after Windows, by a country mile. If you let the scammer keep talking at you, he's got a chance to keep working that fear until a point where some people – especially if they can afford to risk spending some extra cash without immediate hardship – might give in against their better judgement.
And apologies to any Windows users who imagine that we think, ipso facto, that they are somehow inferior in earning power to Macsters, since otherwise _they'd_ be the ones to have more cash to wast^H^H^H^Hspend on stuff they might otherwise not get talked into.
And apologies to Linux users for saying that OS X is a bigger target than yours "by a country mile". But that one, I think, is hard to argue against.
And apologies to OpenBSD users, for not mentioning them at all…until now.
I'll stop there. Have a good weekend, everyone.
Good grief.
You forgot to apologize to Mac users for using the word Mac in the same sentence as Windows.
Some people, clearly, have too much time on their hands to "waste" and get upset at Mac references.
I'm "not impressed" with Mac-users (with a "L") 🙂 They are Job's victims, and designer PC consumers. As soon as Jobs leaves, where will their growing market go? Out to Sony-land.
Please don't apologize to Apple users again.
Dr Evil.
The corporations and banks themselves encourage these scams through poor policy.
I very nearly reported an e-mail from my financial institution as a phish because they were redirecting me through a tracking URL at cp20.com. Because I didn't click the tracking link, and instead typed the usual site address into my browser, they e-mailed me once or twice more, as well as leaving me a voicemail. My complaint to their security department went completely unanswered, and they continue to use cp20.com in their e-mails.
Companies should have policies never to ask you to click a link or call a number. Instead, they should direct their users to go to their website (without providing a clickable link), or to call them back at the number provided on the latest bill, etc.
Indeed.
It doesn't help when genuine companies "loosen us up" by not being clearly and unambiguously different from the average scammer.
I think links in emails are fine in general, of course. I use them myself to ask people I know to read my blog. (A guy has to keep his click-rates up, after all.)
But when it comes to institution X wanting you to do something related to personally identifiable information of any sort, especially related to security, then inviting you do so insecurely, whether by phone or over the net, is bad news.
As a friend and colleague in Vancouver (g'day, Tony Ross!) likes to remind us all – you should worry more about your bank authenticating itself to you than about you authenticating yourself to the bank. After all, the latter is the bank's problem. The former is very much your own.
I had a better experience than you did. My bank wanted to talk to me about a possible security glitch. The call centre phoned and urged me to call back, but warned me not to bother asking for a number, which they said they'd refuse to give – and they explained why. They insisted I refer back to documentation which they knew I already had and which I knew was without doubt from them.
Pleased me a lot.
Reputable ISPs who are calling a customer with a zombie-bot clogging their mail queues with spam will already have reset the customer password at the server and broken the connection if it's web mail. That's pretty easy to verify if it happens to you.
I happened to be working from home one day when my wife got such a call. She eventually handed the phone to me and the boob started explaining what a virus was to me. When I explained I'm in the email security industry and asked him to explain who he was and all about his company, he hung up. Surprise, surprise. I shudder to think that if my matronly neighbor got such a call that she'd be led right through the scam.
Getting back to the point of the item, there have been many reports of this, and related, scams over the past few months. Indeed, I and others have had letters published in the computer press, MicroMart in my case, on this very subject and how easy it is to recognise as a scam. All you need do is tell them you use Linux and not Windows and then ask how they are seeing a fault with Windows on your system. They will usually be confused and ring off meaning it was a scam attempt. If you can, use CallerID or the 1471 service on BT to get any number they were using – but they are often blocking thier source number which should make you doubly careful. Add to that the fact that if you are running a decent Firewall it will prevent them accessing your machine without your explicit invitation so they can’t just casually interogate your PC – unless they are deliberately hacking (in which case your Anti-malware, anti-trojan and AV software should kick in as well as your firewall giving an intrusion alarm.
Also watch out for a telephone scam purporting to be on behalf of Sky wanting your address details to deliver a ‘new, expensive viewing card’. Sky will always vause a message to be displayed on your Sky system if they are issueing new cards and they never call for address information as they have that already! That has been confirmed by Sky directly to me.
Cheers and don’t get scammed.
Mike Perry, BSc.
Good points. As Sean pointed out in the podcast, the current "sales script" usually used by the scammers seems to involve killing the call if you say you have anything other than Windows. But there's nothing to stop them writing scripts for Linux or OS X too, to keep you on the line until they have you scared enough to let your guard down.
On the other hand, if you _are_ a Linux or OS X user and you get a call which is based upon an assumption that you are running Windows, then clearly the caller is phishing 🙂
Sean's primary advice is simple enough. If you get a call from someone claiming that they want to help you fix your PC, just hang up.
_Then_ decide what you're going to do, and whom you're going to call, using information of your own choosing. The longer you're online, the longer they have to sow those seeds of doubt…
My fake helper was interested in the fact I have a macbook pro… I see a trend here
An Indian called me from 'Microsoft Support' and knew my surname was Young. I asked whether he was in Australia, because our number is on the Australian government's Do Not Call register, making his call illegal. He hesitated, then said, most professionally, "You sound like your are Old, not Young" and rang off. Some of these scammers are a real class act, aren't they?
I am more concerned about the "make my pc run faster" company ads that seem more common on TV and other media that i would have ever thought possible. I doubt any of them have a need for really tech savvy people, hence I can't see their employees as earning much so useful opportunities from customer contacts would seem a job bonus. I don't know how they work but from what I hear they are certainly hawking snake oil. Anybody who is so computer un-savvy as to buy into their spiel shouldn't touch a computer anyway. There are so many free utilities that do waht they claim and a few simple actions by a PC user can do much of the rest. Their comment saying there is no need to buy a new PC if it's running slow alone says these places are not on the level. They prey on the uninitiated.
Although we sort of know, as a family, to hang up and recall our ISP, or our bank , or anythjng important, and are on the US No Calls List, some do slip by as Mr. Young says. I would never sceed over access to a computer as I didn't even like doing that with a major corporation's IT people working on their computers
t
I appreciate you fellers fum Dayen-Undah taking the time to send this out. Gud onya, Mates… ( was that the right way to say thanks? : -}) )
Semper FI,
TXSFRED
I got a call today. I am on Australia's "Do not call" register, which means the call was either illegal or from offshore. The caller's accent was Mumbai or similar. Said he was with Microsoft Windows Security Agency. Caller D displayed a Sydney number which was obviously fake. I told him he was a criminal, and I would report him (not that practical in reality though since his number would be fake). He told me I was a fool – I hung up. BUT what I deliberately didn't tell him was that all the computers in the house are Mac's, and the only copy of Windows (XP) runs in a virtual machine with no access beyond the host computer. Presumably he continues to believe that our house runs Macs – just in case he calls back… Moral = don't trust anyone
I got one of these too and early in the morning. Amazing how they're still trying even a year and a half after you guys wrote this article. What made it funny was my computer was off.
Another way that would help: turn your computer off each night.
Holy crap. I just finished with one of these guys…… Uh oh…. NOOOOOO