Cold calling. Just another step in scareware evolution

Filed Under: Law & order, Malware, Podcast, SophosLabs

Retro telephone
As I woke this morning I listened to a report on the radio about the warning that has been put out by concerning the recent spate of fake anti-virus cold calls.

The concept behind these latest scams is simple, and was described by Duck and Sean last week. The criminals are using support centres to contact users and trick them into believing they have a problem with their computer.

In so doing, users may be scammed into paying for unnecessary support or software, perhaps even giving the criminals remote access to their computer in the process!

During a cold call that I received last week, I was treated to the usual banter: "malicious traffic had been spotted" eminating from my computer, indicating the presence of "junk and infected files" that were set to "destroy software, Windows and important files on my computer".

The scripts being used by the call centre may well be pure comedy to the tech-savvy, but the simple fact is that a lot of regular users are likely to fall for it. It only took me a few minutes of searching to find others who had received the same calls as myself, and within discussion forums there were numerous posts from individuals who had been tricked into parting with their credit card details.

Should we be surprised at this latest development in scareware distribution? I do not think so. Malware distribution has been a business for a good while now, and where the financial rewards are sufficient, some investment in "sales" is clearly justifiable.

The paying of call centre staff in these latests attacks is akin to paying for rogue adverts, another tactic we have seen used before.

Historically, scareware distributors have used a whole variety of tactics in order to hit users.

We have seen scareware attacks evolve from simple mass-spammed attachments to more cunning web-based attacks. The search engine optimisation (SEO) attacks are particularly cunning in that they abuse the very services that we all rely on and trust. Using call centres to cold call victims lacks that finesse, but it is somewhat inevitable, sadly.

Improved security (particularly widespread adoption of URL filtering) makes it harder for the even the most cunning of web-based attacks to succeed. The telephone cuts right through that and exploits the weakest link in the chain, the user.

Today (November 15th) marks the start of Get Safe Online week.

Get Safe Online

Get involved. Invest just a small amount of time and avoid becoming a victim.

And if you get asked by your friends or family how to recognise a scam support call, and what we recommend you to do if you receive one (don't hang around - put the phone down immediately!), why not get them to listen to our advice in this podcast:

(05 November 2010, duration 6:15 minutes, size 4.5MBytes)

, , , , , , ,

You might like

10 Responses to Cold calling. Just another step in scareware evolution

  1. christopher b · 1788 days ago

    i had one a couple of weeks ago on asking what op system i had and that there was security risk's but with being a phone call i just told them that my Internet security was up to date as well as my op system was up to date and put the phone down how many people are going to get caught out with this. PS didn't tell them what security software i was running just in case

  2. This is something that we are seeing a lot of where I work(broadband tech support). It seems that ask people to download and run a legitimate remote access program. Once they do this, they show them things like Temp files and tell them that they are all potential viruses, and demand a stupid amount of money to...

    A) Upgrade their system to Windows 7.
    B) Install an Anti-virus

    I have seen prices quoted between 150 for the anti-virus to about £400 for a full upgrade for problems that aren't even there in the first place.

    The other thing we noticed is that they use several reasons for contacting people. Claiming that they are from either "Your ISP", Microsoft or in the case of a couple of them, McAfee. The people who have mostly fell for it have been elderly users, but a few younger people have also been hit by this as well.

  3. Jane · 1788 days ago

    I would so much the same I do with all spam calls, get annoyed, say don't call me anymore, and slam the phone down. I know it doesn't do any good, they call back anyway, but it makes me feel better, haha

  4. Vee · 1788 days ago

    I too had a call from a guy saying he was from Microsoft and that there were hundreds of virus's on my computer. Unfortunately it came at a time when I had recently contacted my server about a small problem so I innocently assumed a connection. I listened to his banter and regretfully followed his instruction. He was able to show me all items etc that contained a virus on my computer and explaining to me that I was not to worry as he would put everything right at no charge. As an elderly lady he just wanted to help me, at which point I was alerted.I then started to get him off the computer, when he asked for my card number which he just needed to confirm I was the right person which of course I refused. It took me a while to tell him what I thought but he persisted. I finally told him if he would give me his telephone number and name I would get my son to call him later. Now for the Joke!! Despite his obvious accent he gave me his name and telephone number. Jack Smith, Indian call centre, and uk telephone number. Needless to say I haven't risked calling him.

  5. Emyr · 1787 days ago

    These calls are also doing the rounds in Australia at the moment and the callers are blatantly ignoring the do not call register.

    I've worked in IT for 20 years and usually I just end the call straight away but I was bored the last time thay called and strung the caller along for 10 minutes or so. He got so frustrated he passed me on to his supervisor. I managed to get his supervior to the point of shouting at me that I didn't know what I was talking about and he slammed the phone down.

    At least it gave me a smile and they couldn't call someone else when they were being wound up by me :-)

    • Dave · 1787 days ago

      i found the esiest way to deal with these calls just place the phone down and let them gabble on..............i just wonder how long it takes them to realise there's no one on the other end before they cut me off!!!!!! :-))))

  6. Wolf · 1787 days ago

    Is cold calling allowed in Britain? Thank god, due to §107 telecommunication law in Austria cold calls are strictly forbidden (penalty up to EUR 25000,- afaik). Thus, only few cold calls - nearly all of them from abroad - are seen.

  7. Peter · 1786 days ago

    Cold calling isn't allowed, except by companies you do/have previously done business with (more lukewarm calling I suppose) and where you've not ticked the boxes on forms (insurance quotes for example) to say you don't want to be contacted by them (or by their "specially selected partners with offers of interest"). Telemarketing is regulated by the Telephone Preference Service, this is industry self-regulation, but does I believe have the power to fine those who breach the code of practice and has statutory powers under the same EU legislation as in Austria.

    As with Austria though it's impossible to have recourse against callers from overseas, stereotypically from India, although I don't have any statistics on actual origins of nuisance calls. This is by definition a problem that's largely below the surface and difficult to track.

    I'm not clear if what Ryan describes is technically illegal in a Criminal sense, for example under the Computer Misuse Act, as the victim is willingly providing access to their computer- even if this is under false representations. This is undoubtedly fraud though and the target demographic makes it a particularly distasteful scam. Whilst the "technical support" staff are using your computer of course there is nothing stopping them installing one of the "anti-virus" products that quietly downloads the malware that was their premise for calling you in the first place as well.

  8. Ali Belcher · 1786 days ago

    Oh god, how stupid do I feel right now. I was telephoned from a guy called James Hudson on 29/10/10 saying he was from Windows 7, explained that my software had expired which had let hundreds of viruses in, the same situation as Ryan. They installed Super anti spyware professional and mozilla firefox.

    I'm normally so careful, but this time they got me, and I parted with £230.00 whilst they let a so called maintence guy into my computer.

    This only came to light this morning, and I have informed my credit card company. The anti spyware kept prompting me to download after the trial version had run its course, so these people put trial downloads on when you think you have brought a full year or so.

  9. corner the duck · 1571 days ago
    This is the fun I had when they called me... I had to cut parts of it as it s long but best bits are there

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Fraser is one of the Principal Virus Researchers in SophosLabs. He has been working for Sophos since 2006, and his main interest is in web related threats.