I.T. Mate

Wednesday 18 January 2012 - Telephony scams: Your machine told them it was infected? Really?
By Steven Burn - January 18th 2012

It's been a while since I've written anything here, and as I'm taking a break from work, I thought I'd write something, in case you'd forgotten either about this site, or the scammy folks in Kolkata. First and foremost, a little note for those wondering - Staffordshire Council have removed the PDF, presumably due to too much traffic, but you can still find it here:

http://wayback.archive.org/web/*/http://www.staffordshire.gov.uk/NR/rdonlyres/6997DBB0-E31E-4AFB-A886-C9DDEE114204/90090/*

Now, on to the subject at hand. Scams have been around longer than most of us have been alive, and telephony scams are almost as old as I am. However, this begs the question: why are people still falling for them? The folks in Kolkata for example, who seem to be using a variety of company names (and nope, I'm not referring to the names of the companies they tell you they're from when they cold call you), for example eFix (Ref), have been getting progressively more prolific over the past few years, and this doesn't seem to be waning.

So what exactly are they doing? Well, some have recorded these scams, and I'll point you to those in a second, but in short;

1. They cold call you telling you they're from company X (e.g. Microsoft, Malwarebytes, Eset) or some random rubbish such as "Computer Support Services"
2. They inform you your computer has told them it is infected
3. They point you to the Event Viewer and Prefetch folders (some have also mentioned being pointed to the Temp and Temporary Internet Files folders), to see the "infections"
4. They then convince you to load a site, and get you to allow them to connect to your machine using a remote connection service such as Ammyy.com
5. Once connected, one of two things occurs - they pretend to clean the infections, or actually infect your machine (some victims have reported one or the other occurring)

Some victims have reported having software such as Malwarebytes or Eset's NOD32 installed, and found out when contacting Malwarebytes/Eset, that it was either only the free version (in the case of Malwarebytes), or the trial (in the case of Eset).

6. Finally, they scam you into signing up for one of their "plans". The plans of course, not being cheap - victims have reported being taken for anything from £50 to several hundred.

Myself, my good friend David Harley from Eset, and Martijn Grooten from Virus Bulletin are still investigating these, and if you've been scammed by these people, please do get in touch - and if you've been scammed, first and foremost;

1. Phone your credit card company and have them cancel the payment (or do a chargeback), or in the case of PayPal payments, contact PayPal and report it
2. Have your computer checked to ensure nothing malicious was put on it (there are a variety of places you can do this, for free, such as the Malwarebytes forums)
3. Report it;
For those in the UK/Ireland:
https://secure.consumerdirect.gov.uk/reportascam.aspx
http://www.tradingstandards.gov.uk/

For those in the US:

BBB (Better Business Bureau)
http://www.bbb.org/

FBI (Federal Bureau of Investigation)
http://fbi.gov

For those in Australia:

Australian Competition and Consumer Commission
http://www.accc.gov.au


There are of course, hundreds of variations of this going on, but one thing to remember - ANY company cold calling you, is scamming you - the only purpose of cold-calls, is to sell you something - YOUR COMPUTER HAD NOTHING TO DO WITH IT. If you get a call such as this, put the phone down immediately, DO NOT allow them to connect to your machine, and DO NOT allow them to convince you to sign up for one of their support plans or some such.

The recording of one such call, can be found here, along with an outline of how it works;

http://news.bbc.co.uk/today/hi/today/newsid_9637000/9637033.stm



References

PC Support Scam Resources
http://avien.net/blog/?page_id=790

BBC: Rory Cellan-Jones - How to spot PC virus scam
http://news.bbc.co.uk/today/hi/today/newsid_9637000/9637033.stm

Facebook Likes and cold-call scams
http://blog.eset.com/2011/11/09/facebook-likes-and-cold-call-scams

Microsoft Support Scam (again)
http://isc.sans.org/diary.html?storyid=10912

Info: Telephone scammers still coming to a phone near you!
http://hphosts.blogspot.com/2011/03/info-telephone-scammers-still-coming-to.html

Support Scams: Even More Personal
http://blog.eset.com/2010/12/16/support-scams-even-more-personal

Fake Support: the War Drags On
http://blog.eset.com/2010/11/18/fake-support-the-war-drags-on

Marketing Misusing ESET’s Name
http://blog.eset.com/2010/06/23/marketing-misusing-esets-name

techonsupport.com, click4rescue.com, pcrescueworld.com: SupportOnClick revisited
http://hphosts.blogspot.com/2009/12/techonsupportcom-click4rescuecom.html

SupportOnClick: Phoned by Malwarebytes? BigPond? Anyone else?
http://hphosts.blogspot.com/2009/07/supportonclick-phoned-by-malwarebytes.html

SupportOnClick Update
http://hphosts.blogspot.com/2009/04/supportonclick-update.html

supportonclick.com scamming you by telephone!
http://hphosts.blogspot.com/2009/03/supportonclickcom-scamming-you-by.html

Fake tech support call scam - prefetch virus logmein123.com
http://www.digitaltoast.co.uk/fake-tech-support-call-scam-prefetch-virus-logmein123com

New scam - They call you by phone!
http://www.malwarebytes.org/forums/index.php?showtopic=11156

Staffordshire Council - Telephone computer support warning (PDF)
http://www.staffordshire.gov.uk/NR/rdonlyres/6997DBB0-E31E-4AFB-A886-C9DDEE114204/90090/TelephoneComputerSupportWarning.pdf

PDF can still be found at: http://wayback.archive.org/web/*/http://www.staffordshire.gov.uk/NR/rdonlyres/6997DBB0-E31E-4AFB-A886-C9DDEE114204/90090/*

Cold call scam warns of virus infection
http://www.h-online.com/security/Cold-call-scam-warns-of-virus-infection--/news/112893

Scareware scammers adopt cold call tactics
http://www.theregister.co.uk/2009/04/10/supportonclick_scareware_scam