Fake tech reps calling
Fake Anti-Virus isn't enough; now we also have to contend with fake Microsoft reps! This scam has been going on for a while but continues to be rampant, which suggests that it is quite successful for the bad guys.
ISC reader Fred received such a call earlier today. The caller claimed to be from the "Tech department of Windows" and asked Fred to open the Event Viewer via the Run command to check for errors or warnings. Of course there were some errors (it is Windows, after all :-), but the alleged techie then theatrically exclaimed "You indeed have the deadly errors" and proceeded to ask Fred to connect to www.ammyy.com and launch a remote desktop app. Fred, savvy security guy that he is, went there with Firefox and NoScript, and while Fred was still launching Wireshark to capture the next steps, the alleged Windows techie got cold feet and hung up.
Bottom line: If "tech support" calls you without you having opened a ticket with them first, be veeery suspicious. Chances are high it is a scam.
Comments
They took her credit card info over the phone and processed it through Google Checkout. They created the Google Checkout account for her. I had her cancel the card.
They installed some generic speed boost and registry fix stuff on the computer. I didn't see anything malicious installed, but I re-formatted it anyways.
They used Ammyy to access her computer as well, but from what I can tell it's legitimate software. I've heard stories about the scammers using LogMeIn Rescue as well, which is definitely legit software.
JRS
Mar 30th 2012
http://soundcloud.com/rorycellan/another-call-about-my-windows
Phil
Mar 31st 2012
Seedy
Apr 1st 2012
Jeff@HackDefendr
Apr 1st 2012
Reason she never checked with me? "You were on holiday and I didn't want to bother you".
ARGH!
lans
Apr 2nd 2012
She then promptly ran a virus scan and found no threats.
Gotta love the different angles the bad guys are exploiting these days.
Steve B.
Apr 2nd 2012
Just because they put it in their terms doesn't mean what's going on isn't fraud and illegal.
dsh
Apr 2nd 2012
TrustedDefense
Apr 2nd 2012
lanceanz
Apr 2nd 2012
Eventually they had me install some remote control software, which naturally wouldn't work with the link they gave me. So being helpful, I installed the Mac version and let them come in and do their thing.
They asked me to log into my bank account so I could pay for the services, at which point I sadly had to decline.
nowakca
Apr 2nd 2012